[Owasp-ireland] Announcement - Next OWASP Ireland meeting Friday 19th of February
fcerullo at owasp.org
Tue Jan 19 16:13:04 EST 2010
This is a reminder for the forthcoming OWASP Ireland chapter meeting to be
held on February 19th, at 3:00pm-5:00pm (show up at venue between
As usual our location are the Ernst & Young offices in Dublin who kindly
agreed to host our event:
- Ernst & Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin,
Google Map location here:
As last time, we should have plenty of time to have a talk and a few drinks
If you are planning to attend you must RSVP
Note, please enter your real name, as this will be given to Ernst & Young
building security. If you don't RSVP, you may not be let into the building.
Also note that RSVPs close midday the day ofthe event (so we can get names
on the door), so make sure you RSVP in
Also, if you are no longer able to attend, please email Fabio at
fcerullo at owasp.org, Eoin at eoin.keary at owasp.org or Rahim at
rahim.jina at ie.ey.com<https://lists.owasp.org/mailman/options/owasp-ireland/rahim.jina--at--ie.ey.com>
so your space can be released for someone else.
Title: ***OWASP O2 Platform - Open Platform for automating application
security knowledge and workflows
In this talk Dinis Cruz will show the OWASP O2 Platform which is an open
source toolkit specifically designed for developers and security consultants
to be able to perform quick, effective and thorough 'source-code-driven'
application security reviews. The OWASP O2 Platform (
http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the
scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs,
CodeCrawler and AppScan DE, and also provides limited support for Fortify
and OWASP WebScarab dumps. In the past, there has been a very healthy
skepticism on the usability of Source Code analysis engines to find commonly
found vulnerablities in real world applications. This presentation will show
that with some creative and powerful tools, it IS possible to use O2 to
discover those issues. This presentation will also show O2's advanced
support for Struts and Spring MVC.
Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in
London (UK) and specialized in: ASP.NET Application Security, Active
Directory deployments, Application Security audits and .NET Security
Since the 1.1 release of the .Net Framework, Dinis has been one of the
strongest proponents of the need to write .Net applications that can be
executed in secure Partially Trusted .Net environments, and has done
extensive research on: Rooting the CLR, exposing the dangers of Full Trust
Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non
verifiable) code, creating .Net Security Protection Layers and using
Reflection to dynamically manipulate .Net Client applications.
Dinis is the current [Owasp .Net Project] and [OWASP Autumn of Code]
project's leader and the main developer of several of OWASP .Net tools
([SAM'SHE], [ANBS], [SiteGenerator], Owasp Report Generator, [Asp.Net
Dinis is a active trainer on .Net security having written and delivered
courses for IOActive, Foundstone, Intense School and KPMG . His latest
course is the two day training course [Advanced Asp.Net Exploits and
Countermeasures, which was delivered at the Black Hat 2006 conference and
will be presented on the fortcomming [OWASP AppSec Conference] in Seattle.
Further details and schedule for the night will be available on the chapter
page ( https://www.owasp.org/index.php/Ireland ).
See you there!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-ireland