[Owasp-buffalo] Meeting Minutes from first OWASP Buffalo NY Chapter Meeting

James Kist kist at nsec.net
Wed Oct 13 01:20:21 EDT 2004

The OWASP Buffalo NY Chapter held their first meeting on October 12th from 6
to 8 PM. The meeting was held at Network Security Corp.'s offices at 405 N.
French Road, Amherst NY 14228.

The meeting opened with a brief overview of OWASP and the goals of OWASP,
followed by introductions of all attendees. All attendees mentioned their
web application development platform of choice, along with their goals for
this specific meeting. ASP and ASP .NET seemed to be the leader for the
development platform of choice, followed by PHP, and ColdFusion being

The topic of discussion for this meeting was a presentation of the OWASP
Top Ten. The OWASP Top Ten was presented with specific details and
examples of each vulnerability, and live demos of some of the vulnerabilities.

After the presentation, their was an open discussion on future meetings
and goals of the organization. It was decided that the next meeting would
be held on Tuesday, November 16th from 6 to 8 PM. The meeting is
tentatively scheduled to be held at the same location, however, if we have
a large number of registrants for the next meeting, it can be held at the
Independent Health offices, which has a much larger meeting center. All
attendees agreed that they would spread the word about OWASP and try to
get their co-workers and other colleagues to attend the next meeting.

The topic of the next meeting is yet to be determined.  Some of the topics
that were suggested by attendees of this meeting include the following:

* Secure Programming Best Practices
* Code Review
* Demo of commercial web application scanners and/or web application firewalls
* Demo of open source web application scanners and/or web application firewalls
* Web Services Security
* Review of recent web application vulnerabilities

It was also agreed that all attendees would subscribe to the mailing list at
https://lists.sourceforge.net/lists/listinfo/owasp-buffalo and send
feedback and suggestions as to what should be discussed at the next

Overall, the meeting was a success with all attendees learning more about
web application security, which was the original goals for this meeting.
So, to all attendees and organizers of this meeting, I say keep up the
good work, spread the word to your co-workers or other interested parties,
and sign up for the mailing list (if you have not already done so). Stay
tuned for more updates!

James Kist, CISSP
Network Security Corp.

More information about the Owasp-buffalo mailing list