[Owasp-cincinnati] Thanks For Your Participation to the OWASP-Fortify Sponsored Meeting
Marco M. Morana
marco.m.morana at gmail.com
Thu Apr 24 07:14:13 EDT 2008
It will be nice if we can coordinate a presentation on SQL injection with Dr.
Walden since he expressed a desire to cover this topic during the summer.
On the calendar I have CSRF for May, Marco Morana & John Fellers.
The tentative calendar is
2) June Software Security Enhanced Process Models: Marco Morana
3) July: CAPTCHA Marco Morana + TBD or SQL Injection/Walden-Combs
4) August: SQL Injection/Walden-Combs or ESAPI/TBD
5) September: ESAPI/TBD or ??
6) October: Application Security Testing/Marco + TBD
9) December: not sure we need a presentation, maybe just a get-together event.
Also I encourage taking the trail of discussion we started at the last
meeting and use the mailing list to exchange ideas/experiences/perspectives.
I think we discussed:
1) Is the public perception of a company security breach a factor in making
a company more secure (TJ Maxx example)
2) How much software security comes from strategy or technology, when
security will become a feature built into the product, not added on as
a 'sexy' feature
3) How much compliance and liability are factors in driving software
security (liability contracts for security bugs, PCI compliance)
What I also would like to encourage is to reach out to software development
companies/consulting in the tri-state area since I do not think OWASP is
well represented in that area. We also lack any P&G and GE representation.
Probably this is something that Andy Erickson can help me out with (local
PR). Any ideas?
From: Joe Combs [mailto:jcombs10 at cinci.rr.com]
Sent: Thursday, April 24, 2008 12:33 AM
To: Marco M. Morana
Subject: Re: [Owasp-cincinnati] Thanks For Your Participation to the
OWASP-Fortify Sponsored Meeting
Are you looking for presenters for the topics below? I have done a
couple presentations on SQL injection and would be happy to cover this.
Another presentation I thought about proposing (only because I don't
know much about it but want to force myself to learn more) is the OWASP
Marco M. Morana wrote:
> OWASP Cincinnati members
> Thanks for participating in the April 22nd event. Wayne Browning and
> Allison Shubert especially as organizers, first of all thanks for your
> support and time spent on organizing the event. As chapter lead I am
> very happy with how things turned out in terms of local participation. I
> counted about 40 people attending the event, that is the most people
> attending we ever had. We also showed how enthusiastic our OWASP
> chapter in Cincinnati is on the topic of application security.
> One little mishap I had was on my behalf for the OWASP books that were
> not shipped on time to be delivered at the event.
> I pledged to give away 10 Lulu OWASP books and I'll maintain the promise.
> Please respond to my email if you would like to receive the books and
> I will deliver them to you at the next meeting.
> The next meeting we plan a dive on CSRF Cross Site Request Forgery
> Vulnerability. I received a proposal for a session on CAPTCHA,
> Software Security Enhanced Lifecycles and SQL Injection. I encourage
> anybody to submit a topic for presentation if interested.
> Also, please feel free to use this mailing list to continue the topic
> of discussion we had started after the movie.
> With best regards
> Marco Morana
> OWASP Cincinnati Chapter Leader
> Join us at http://www.owasp.org/index.php/AppSecEU08