[OWASP-Ireland] RE: OWASP-Ireland digest, Vol 1 #2 - 3 msgs

Laprade, Yann Yann.Laprade at ie.fid-intl.com
Wed Mar 16 07:37:45 EST 2005


Hi,

I'll be there

Cheers,
Yann

Yann Laprade,
Principal Security Analyst
Application Security Group (http://asg.fmr.com)
Fidelity Investments Systems Company - Ireland



-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of
owasp-ireland-request at lists.sourceforge.net
Sent: Friday, March 04, 2005 4:13 AM
To: owasp-ireland at lists.sourceforge.net
Subject: OWASP-Ireland digest, Vol 1 #2 - 3 msgs


Send OWASP-Ireland mailing list submissions to
	owasp-ireland at lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/owasp-ireland
or, via email, send a message with subject or body 'help' to
	owasp-ireland-request at lists.sourceforge.net

You can reach the person managing the list at
	owasp-ireland-admin at lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of OWASP-Ireland digest..."


Today's Topics:

   1. Meeting 25/3/2004 (Keary, Eoin)
   2. Validator for .Net (Keary, Eoin)
   3. ID theft (Keary, Eoin)

--__--__--

Message: 1
From: "Keary, Eoin" <eoin.keary at ie.fid-intl.com>
To: "'owasp-ireland at lists.sourceforge.net.'"
	 <owasp-ireland at lists.sourceforge.net>
Date: Thu, 3 Mar 2005 11:14:12 -0000 
Subject: [OWASP-Ireland] Meeting 25/3/2004

Hi,
We intend to have a meeting on the 24th of March in Dublin 2, from 6:00 to 7:30.
At the meeting we shall have a couple of presentations:

"Application Security: Integration into the Software development Lifecycle."
"The Application Security marketplace."

We are also interested in people's feedback and contributions to the Irish Chapter of the OWASP, which shall be discussed.
If interested in attending, please reply to this mail so refreshments can be organized.

Regards,
Eoin


Eoin Keary
Principal Security Analyst
Team Lead (Irl)
Application Security Group
http://asg.fmr.com
internal: 8737 5582
external: +353-1-6145582
eoin.keary at fid-intl.com
FISC - Ireland Ltd., Registered in Ireland no. 245656. Registered office: Hardwicke House, Upper Hatch street, Dublin 2. Telephone +353-1-6145400. Any comments or statements made are not necessarily those of Fidelity Investments, its subsidiaries, or affiliates




--__--__--

Message: 2
From: "Keary, Eoin" <eoin.keary at ie.fid-intl.com>
To: "'owasp-ireland at lists.sourceforge.net.'"
	 <owasp-ireland at lists.sourceforge.net>
Date: Thu, 3 Mar 2005 11:51:26 -0000 
Subject: [OWASP-Ireland] Validator for .Net

Anyone familiar with the commons validator for struts framework (http://struts.apache.org/) may be interested to know that Foundstone (http://www.foundstone.com/) are developing a .NET input validator.
The concept is to "wire" up the validator into your own .NET application. This tool validates all input to your application for malicious characters used for exploiting vulnerabilities.

"Writing code to check for every input field was often taxing, inefficient, incomplete and not thorough. For the same reasons Microsoft provided extensive validation framework in ASP.NET. The aim was to help developers perform data validation routines faster and in a more efficient manner. Even with the presence of these validators, data validations techniques are nowhere near acceptable level."

Features:

  * Provides an efficient way to apply effective data validation techniques to existing .NET validation
  * Does not require access to source code and therefore does not change source code
  * Integrates with any existing .NET web application
  * Is composed of 2 parts
      o Design Component, also called Configuration Console
      o Runtime Component
  * Provides a centralized repository of rule set, such that those rules can be repeatedly applied to multiple controls of the application
  * Allows custom rules to be written to the granularity of every control on each form
  * Generates a set of XML rules that can be deployed at multiple applications

The tool and documentation should be released next week according to Foundstone.

Regards,
Eoin







--__--__--

Message: 3
From: "Keary, Eoin" <eoin.keary at ie.fid-intl.com>
To: "'owasp-ireland at lists.sourceforge.net.'"
	 <owasp-ireland at lists.sourceforge.net>
Date: Thu, 3 Mar 2005 13:32:29 -0000 
Subject: [OWASP-Ireland] ID theft

http://news.bbc.co.uk/2/hi/business/4311693.stm

An interesting article on ID theft in the UK.
Anyone have similar information about Ireland?
Phishing attacks are commonly used for such exploits.
See:
http://www.antiphishing.org/

Eoin







