[Owasp-ireland] OWASP Ireland News - May 5th, 2010

fabio.e.cerullo at aib.ie fabio.e.cerullo at aib.ie
Wed May 5 11:19:26 EDT 2010


**************************************************************************************************
OWASP Ireland News May 5th, 2010 
************************************************************************************************** 


1. OWASP May Event: Trials and Tribulations of WAF Implementation 
2. OWASP AppSec Ireland 2010
3. Secure Application Development on Facebook Platform
4. Google Web Application Exploits and Defenses 

1. May Event: Trials & Tribulations of WAF Implementation

The OWASP Ireland chapter meeting will be held on May 20th, from
6:30pm to 7:30pm (show up at the venue between 6:00pm and 6:30pm).

As usual, our location is the Ernst & Young offices in Dublin, who kindly
agreed to host our event:

If you are planning to attend you must RSVP at 
http://owasp-ireland-waf.eventbrite.com. 

Note, please enter your real name, as this will be given to Ernst & Young 
building security. If you don't RSVP, you may not be let into the 
building. 

A certificate of participation will be provided to those attending the 
event. 

== Talk ==

Title: Trials & Tribulations of WAF Implementation

Abstract: 

A web application firewall (WAF) is an appliance, server plugin, or filter 
that applies a set of rules to an HTTP conversation. Generally, these 
rules cover common attacks such as Cross-site Scripting (XSS) and SQL 
Injection. By customizing the rules to your application, many attacks can 
be identified and blocked. The effort to perform this customization can be 
significant and needs to be maintained as the application is modified. 

Mark will be presenting on his experience in implementing a Web 
Application Firewall solution through all phases from research to 
implementation.

== Presenter == 

Mark Hillick - Application Networking Team, Citrix Systems

Mark Hillick has 10 years' experience in Internet, networking,
systems administration and security engineering.

Mark graduated from Queen's University, where he studied Mathematics. 

Mark joined AIB from Queen's, where he joined the Internet Infrastructure
team and was responsible for designing, building and securing the
Internet service in and out of AIB. He is a prominent member of the IT
Security community in Ireland and has presented at several local security
forums such as IISF and OWASP. Mark is one of the founding members of
IRISS CERT, where he is also a Volunteer Incident Handler. He helped
organise IRISSCon 2009, where he also designed and built HackEire 2009,
the first Ethical Hacking 'Capture The Flag' contest in Ireland.

** If you would like to be a sponsor of this or a future event please 
contact Fabio directly by mail for further details.

Further details and schedule for the night will be available on the 
chapter page (https://www.owasp.org/index.php/Ireland). 

2. OWASP AppSec Ireland 2010 

OWASP will hold its annual Ireland Application Security conference in 
Trinity College, Dublin on September 17 2010. 

The Conference will consist of one day of training sessions, followed by a 
one-day conference with 2 tracks. 
 
We are seeking presentations on any of the following topics: 
 
-   Web Services and Application Security 
-   Common Application related Threats and Risks
-   Business Risks with Application Security 
-   Vulnerability Research in Application Security 
-   Web Application Penetration Testing 
-   OWASP Tools and Projects 
-   Secure Coding Practices 
-   Technology specific presentations on security such as AJAX, XML, etc. 
-   Anything else relating to OWASP and Application Security. 
 
Other suggestions are welcome.
 
The call for papers/presentations is out!
 
The official closing date for receiving a synopsis of the presentation is 
June 10th, 2010. 

Complete presentations will need to be submitted by the 10th of August 
2010.
 
This year, as last year, every presenter will receive a free invitation to
the conference.
 
Please submit your presentation topics and an abstract of up to 500 words 
to Eoin Keary at eoin.keary at owasp.org

Sponsorship opportunities are currently available

OWASP is providing sponsors exclusive access to its audience in Dublin, 
Ireland through a limited number of Expo floor slots, providing a focused 
setting for potential customers. The conference is expected to draw 150 - 
200 technologists who will be looking for ways to spend their remaining 
2010 budget and planning for 2010. Financial Services, Media, 
Pharmaceuticals, Government, Healthcare, Technology, and many other 
verticals will be represented.

** If you would like to be a sponsor of this conference please contact 
Eoin directly by mail for further details.

For up-to-date information about this event please visit: 
http://www.owasp.org/index.php/OWASP_IRELAND_2010

3. Secure Application Development on Facebook Platform

This document provides a basic outline/best practice for developing secure 
applications on the Facebook platform. Facebook applications are web, 
desktop, or mobile applications that make use of the Facebook API to 
integrate tightly with the social network experience. This document is 
designed for the Facebook developer, but it can also be used as a 
reference for non-technical readers. Depending on the reader’s level of 
technical understanding of security vulnerability classes and the Facebook 
platform, sections of the document may be skimmed or skipped.

You can find the full article here:
http://www.owasp.org/index.php/Facebook

4. Google Web Application Exploits and Defenses 

The folks at Google have released some web app training, along with a 
vulnerable web app sandbox to play in. The tool is called Jarlsberg. 

Google's "Web Application Exploits and Defenses" codelab can be used in a 
black-box setting, in which hackers aren't privy to the source code of the 
application they're attacking, or a white-box setting, in which they are. 

http://jarlsberg.appspot.com/ 

There's also an instructor's guide available at:

http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf


**************************************************************************************************************************************************
The professional association of OWASP Foundation Inc., is always free and 
open to anyone interested in learning more about application security. 
Prior to participating with OWASP please review the Chapter Rules and the 
OWASP overview for some background. As a 501(c)(3) non-profit professional
association your support and sponsorship of a meeting venue and/or
refreshments is tax-deductible and all financial contributions can be made
online using the online chapter donation button. We encourage organization
and individual supporters of our ethics & principles to become a voting
MEMBER. More information on how to become a member can be found here:
http://www.owasp.org/Membership
**************************************************************************************************************************************************
