[Owasp-cincinnati] Thanks For Your Participation to the OWASP-Fortify Sponsored Meeting

Marco M. Morana marco.m.morana at gmail.com
Thu Apr 24 07:14:13 EDT 2008



It will be nice if we can coordinate a presentation on SQL injection with Dr.
Walden since he expressed a desire to cover this topic during the summer.

On the calendar I have CSRF for May, Marco Morana & John Fellers.
The tentative calendar is
2) June Software Security Enhanced Process Models: Marco Morana
3) July: CAPTCHA Marco Morana + TBD or SQL Injection/Walden-Combs
4) August: SQL Injection/Walden-Combs or ESAPI/TBD
5) September: ESAPI/TBD or ??
6) October: Application Security Testing/Marco + TBD
7) November: TBD
9) December: not sure we need a presentation, maybe just a get-together event.

Also I encourage taking the trail of discussion we started at the last
meeting and use the mailing list to exchange ideas/experiences/perspectives.

I think we discussed:
1) Is the public perception of a company security breach a factor in making
a company more secure (TJ Maxx example)

2) How much software security comes from strategy or technology, when
security will become a feature built into the product, not added on as
a 'sexy' feature

3) How much compliance and liability are factors in driving software
security (liability contracts for security bugs, PCI compliance)

What I also would like to encourage is to reach out to software development
companies/consulting in the tri-state area since I do not think OWASP is
well represented in that area. We also lack any P&G and GE representation.
Probably this is something that Andy Erickson can help me out with (local
PR). Any ideas?



-----Original Message-----
From: Joe Combs [mailto:jcombs10 at cinci.rr.com] 
Sent: Thursday, April 24, 2008 12:33 AM
To: Marco M. Morana
Subject: Re: [Owasp-cincinnati] Thanks For Your Participation to the
OWASP-Fortify Sponsored Meeting

Are you looking for presenters for the topics below? I have done a 
couple presentations on SQL injection and would be happy to cover this. 
Another presentation I thought about proposing (only because I don't 
know much about it but want to force myself to learn more) is the OWASP 


Marco M. Morana wrote:
> OWASP Cincinnati members
> Thanks for participating in the April 22nd event. Wayne Browning and 
> Allison Shubert especially as organizers first of all thanks for your 
> support and time spent on organizing the event. As chapter lead I am 
> very happy with how things turned out in terms of local participation. I 
> counted about 40 people attending the event, which is the most people 
> attending we ever had. We also showed how enthusiastic our OWASP 
> chapter in Cincinnati is on the topic of application security.
> One little mishap I had was on my behalf for the OWASP books that were 
> not shipped on time to be delivered at the event.
> I pledged to give away 10 Lulu OWASP books and I'll maintain the promise.
> Please respond to my email if you would like to receive the books and 
> I will deliver them to you at the next meeting.
> The next meeting we plan a dive on CSRF Cross Site Request Forgery 
> Vulnerability. I received a proposal for a session on CAPTCHA, 
> Software Security Enhanced Lifecycles and SQL Injection. I encourage 
> anybody to submit a topic for presentation if interested.
> Also, please feel free to use this mailing list to continue the topic 
> of discussion we had started after the movie.
> With best regards
> Marco Morana
> OWASP Cincinnati Chapter Leader
> http://www.owasp.org/index.php/Cincinnati 
> Join us at http://www.owasp.org/index.php/AppSecEU08