[Owasp-buffalo] Meeting Minutes from first OWASP Buffalo NY Chapter Meeting

James Kist kist at nsec.net
Wed Oct 13 00:56:06 EDT 2004

The OWASP Buffalo NY Chapter held their first meeting on October 12th from 6
to 8 PM. The meeting was held at Network Security Corp.'s offices at 405 N.
French Road, Amherst NY 14228.

The meeting opened with a brief overview of OWASP and the goals of OWASP,
followed by introductions of all attendees. All attendees mentioned their
web application development platform of choice, along with their goals for
this specific meeting.  ASP and ASP .NET seemed to be the leader for the
development platform of choice, followed by PHP, and ColdFusion being third.

The topic of discussion for this meeting was a presentation of the OWASP Top
Ten. The OWASP Top Ten was presented with specific details and examples of
each vulnerability, and live demos of some of the vulnerabilities.

After the presentation, their was an open discussion on future meetings and
goals of the organization. It was decided that the next meeting would be
held on Tuesday, November 16th from 6 to 8 PM. The meeting is tentatively
scheduled to be held at the same location, however, if we have a large
number of registrants for the next meeting, it can be held at the
Independent Health offices, which has a much larger meeting center. All
attendees agreed that they would spread the word about OWASP and try to get
their co-workers and other colleagues to attend the next meeting.

The topic of the next meeting is yet to be determined.  Some of the topics
that were suggested by attendees of this meeting include the following:

* Secure Programming Best Practices
* Code Review
* Demo of commercial web application scanners and/or web application
* Demo of open source web application scanners and/or web application
* Web Services Security
* Review of recent web application vulnerabilities

It was also agreed that all attendees would subscribe to the mailing list at
https://lists.sourceforge.net/lists/listinfo/owasp-buffalo and send feedback
and suggestions as to what should be discussed at the next meeting.

Overall, the meeting was a success with all attendees learning more about
web application security, which was the original goals for this meeting. So,
to all attendees and organizers of this meeting, I say keep up the good
work, spread the word to your co-workers or other interested parties, and
sign up for the mailing list (if you have not already done so). Stay tuned
for more updates!

James Kist, CISSP
Network Security Corp

More information about the Owasp-buffalo mailing list