<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.apple-tab-span
        {mso-style-name:apple-tab-span;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#002060;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:12.0pt;color:#002060'>Just a reminder
- <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt;color:#002060'><o:p>&nbsp;</o:p></span></p>

<div>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Jim Weiler&nbsp;&nbsp; CISSP&nbsp;&nbsp;CSSLP&nbsp; GSSP-Java</span><span
style='color:#002060'><o:p></o:p></span></p>

<p class=MsoNormal><i><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Starwood Hotels and Resorts</span></i><span style='color:#002060'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Sr. Mgr. Information Security Risk Assessment</span><span
style='color:#002060'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Office - 781 356 0067</span><span style='color:#002060'><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Cell - 781 654 6048</span><span style='color:#002060'><o:p></o:p></span></p>

</div>

<p class=MsoNormal><span style='font-size:12.0pt;color:#002060'><o:p>&nbsp;</o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Weiler, Jim <br>
<b>Sent:</b> Sunday, September 26, 2010 9:02 PM<br>
<b>To:</b> owasp-boston@lists.owasp.org;
owasp-bostonfinancialdist@lists.owasp.org; announcements-boston@naisg.org<br>
<b>Subject:</b> OWASP Boston Oct 6 + Dec 1 meetings<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><span style='font-size:12.0pt'>Next meeting &#8211; Wed. Oct 6.
Microsoft Waltham. This is the first of a 2-part session. The second part will
be Wed. Dec. 1.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>We will still have a November
meeting, featuring Pravir Chandra, project leader for OWASP Open SAMM.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><a
href="http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model#tab=Main">http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model#tab=Main</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><b>Overview:</b></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>In this highly interactive two-part workshop, Rob Cheyne
of Safelight Security will show you the basics of conducting a real-world
architecture &amp; design review.&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>This workshop draws from Safelight's Security
Architecture Fundamentals training course, a two-day course frequently used to
teach Fortune 500 companies how to look at their system architectures from both
the hacker's and the designer&#8217;s point of view. &nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><b>First session:</b></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>In the first session on October 6, Rob discusses a
practical approach to architecture review and threat modeling using real-world
examples. This session lays the foundation for participants to take part in a
real-world architecture review in the December session.&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>Attendees will learn:</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-tab-span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span class=apple-style-span>- How to holistically examine a system architecture
for security issues from both the designer&#8217;s and the hacker's point of view</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-tab-span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span class=apple-style-span>- To identify frequently overlooked areas
where security vulnerabilities commonly occur</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-tab-span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span class=apple-style-span>- Tips for assessing a system at the
host, network, and application levels</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-tab-span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span class=apple-style-span>- Practical ways to apply threat modeling
to help manage risk&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><b>Second session:</b></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>In the December 1st session, Rob will conduct a sample
architecture assessment against a real-world system, and in the process, teach participants
how to conduct an architecture assessment of their own.&nbsp; Brave volunteers will be
welcome to share their own architectures and have them reviewed. This is an
opportunity to get free consulting that typically costs thousands of
dollars.&nbsp; There is limited time, so not everyone will be chosen.&nbsp;
If you are interested in this, please contact Rob Cheyne (<a
href="mailto:rcheyne@safelightsecurity.com">rcheyne@safelightsecurity.com</a>)
directly.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>&nbsp;<b>Who should attend?</b></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>Anyone can participate and learn from the discussion in
this accessible and dynamic workshop.&nbsp; Whether you are an architect, a
developer, or a manager, there will be something here for you. &nbsp;Come learn
to challenge your assumptions.<o:p></o:p></span></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span><b>Additional information:</b></span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>Penetration testing is a common way to evaluate an
application's security.&nbsp; Yet a comprehensive architecture and design
assessment can uncover critical security issues early in a project, when they
often cost far less to resolve.&nbsp; Many companies overlook this element of
system design.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
class=apple-style-span>Rob was one of a select few at security consulting
company @stake who regularly led and conducted full-blown enterprise-level
architecture assessments for Fortune 500 companies.&nbsp; Drawing from his
experience with dozens of real-world architecture assessments over the past 12
years, and his 20 years as a software developer, architect, and consultant, Rob
teaches students to&nbsp;challenge assumptions that frequently lead to
long-term security and reliability problems.&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal><span style='font-size:12.0pt'><a
href="http://www.owasp.org/index.php/Boston">http://www.owasp.org/index.php/Boston</a><o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>Date - Oct. 6<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>Time - 6:30 p.m.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>Location and Directions - <o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>Microsoft offices at the
Waltham Weston Corporate Center, 201 Jones Rd., Sixth Floor Waltham, MA<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'>From Rt. 128 North take exit 26
toward Waltham, East up the hill on Rt. 20. From Rt 128 South take exit 26 but
go around the rotary to get to 20 East to Waltham. Follow signs for Rt. 117
(left at the second light). When you get to 117 turn left (West). You will
cross back over Rt. 128. Jones Rd. (look for the Waltham Weston Corporate
Center sign) is the second left, at a blinking yellow light, on Rt. 117 going
west about 0.1 miles from Rt. 128 (I95). The office building is at the bottom
of Jones Rd. Best parking is to turn right just before the building and park in
the back. Knock on the door to get the security guard to open it. The room is
MPR C.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Jim Weiler&nbsp;&nbsp; CISSP&nbsp;&nbsp;CSSLP&nbsp; GSSP-Java</span><o:p></o:p></p>

<p class=MsoNormal><i><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Starwood Hotels and Resorts</span></i><o:p></o:p></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Sr. Mgr. Information Security Risk Assessment</span><o:p></o:p></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Office - 781 356 0067</span><o:p></o:p></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:purple'>Cell - 781 654 6048</span><o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>