[Owasp-malaysia] OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century" : Thursday 6th Sep 2007

Adli Abdul Wahid adli.wahid at gmail.com
Fri Jul 27 00:03:29 EDT 2007

Hello all,

> If your local chapter is sleeping on the wheel, then this is a great time
> to take responsibility for it (and replace the current chapter leader)

I feel that owasp-malaysia is pretty much dead. Maybe the chapter
leader can decide quickly what happens next.

- adli

On 7/26/07, Dinis Cruz <dinis at ddplus.net> wrote:
> OWASP subscribers, this is a call to action :)
> See below (and online
> https://www.owasp.org/index.php/OWASP_Day )  our ideas for
> the organization of an OWASP Day on 6th Sep 2007
> Some comments:
> There are currently only 10 chapters committed to participate but we have 94
> registered chapters (see
> https://www.owasp.org/index.php/Category:OWASP_Chapter ).
> So come on, chapter leaders, get your act together and organize your local
> event
> Sebastien Deleersnyder is our Chapter Master, so any questions about chapter
> stuff talk to him
> This could be a great opportunity to promote OWASP locally, so please be as
> active as you can and contribute with ideas, actions and leadership
> At the moment me and Mike de Libero (CCed) are the main global organizers
> for this event, so feel free to contact us with your questions (we will need
> more help!) Let's make this happen
> Dinis Cruz
> Chief OWASP Evangelist
>  http://www.owasp.org
>  OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy
> in the 21st Century" : Thursday 6th Sep 2007
> OWASP Day is the current proposed title for the day where multiple
> mini-conferences will be staged by the local OWASP Chapters during the Global
> Security Week.
> This is also a good opportunity to increase awareness on OWASP and to
> motivate local OWASP Chapters to organize bigger events.
> Chapters currently participating
>  London
>  NYNJMetro
>  Turkey
>  Texas Roundup (with Austin + Houston)
>  Seattle
>  Phoenix
>  Israel (scheduled for Wed 5th)
>  Boston (scheduled for Wed 5th)
>  Italy
>  San Jose + San Francisco
>  (more to be confirmed)
> Rules of Engagement
>  Each Chapter is responsible for organizing all details regarding the local
> event
>  OWASP will issue a global Request for Proposals for all chapters that
> commit to organizing such event by the 7th of August
>  OWASP will try to get some funding for this event which will be allocated
> to 'OWASP / Educational materials' for distribution at each event (see below
> details on sponsoring this event)
>  OWASP (and the local chapters) will try to organize live feeds of each
> event so that each local conference can interact with the other :)
> Event layout
> Each chapter is free to organize its mini conference and to define how long
> it should last.
> But within the spirit of the event the following ideas are proposed:
>  The topic of the event should be on "Privacy in the 21st Century", so all
> talks should be related to it (we should be addressing the Web Application
> side of Privacy (for example what happens to Privacy with SQL Injection, XSS
> and issues like pdp's Snoop onto Them as they Snoop onto us))
>  The event should have 4 to 5 speaking slots (can be 30m if required)
>  If possible, invite a presenter from the local government to talk about
> their views on the subject
>  Presentation from a local OWASP Project leader about his/her project (i.e.
> for the cases where a leader of an OWASP Project lives locally (or will be
> in that city during the event))
>  All events are recommended to have the same panel discussion on the subject
> "What is the current state of Privacy on Web Application Security? and what
> should we be focusing on?". After the panel discussion, each local chapter
> is invited to create a summary of its conclusions for publishing on the
> OWASP website
>  "Talk 'Let's get rid of 3 major sources of vulnerabilities:
>  CROSS-SITE SCRIPTING: 70-90% of web applications have Cross-Site Scripting
> (XSS) holes. You must *both* carefully validate input and use HTML entity
> encoding on all data output.
>  SQL INJECTION: If your queries are a bunch of strings and user input
> concatenated together, your database could be attacked with SQL Injection.
> Stamp out this attack by using "parameterized" queries, such as Java's
> PreparedStatement instead.
>  SESSION EXPOSURE: Your SESSIONIDs are *just* as valuable as usernames and
> passwords, so make sure you never expose them. Don't ever allow
> authenticated SESSIONIDs to be sent without SSL or exposed in the URL."
> Organizers
> In addition to the local chapter leaders, Dinis Cruz and Mike de Libero are
> the main points of contact (but of course much more help is needed :) )
> Sponsoring this event
> Global Sponsorship
> The proposed sponsorship value is 10,000 USD which will give the sponsors:
>  OWASP Day sponsorship status on OWASP website and local event's venue
>  (if required) Distribution of material at local event's venue
> Local Sponsorship
> To be organized and arranged by each local chapter (this usually covers the
> costs of: venue, drinks and food)
> Global Security Week (GWS)
> For more details on the (GWS) see:
>  http://www.globalsecurityweek.com/
> http://www.globalsecurityweek.com/html/national_activities.html
>  http://www.globalsecurityweek.com/html/gsw_06.html
> (Resources)
> And here is a description from one of the organizers:
> The aim of Global Security Week is to raise security awareness amongst the
> public and organizations about issues relating to security, primarily
> information security. This year's theme is on the subject of privacy and we
> hope that a number of events will be held worldwide to promote people's
> awareness as to how to protect their privacy when online and also educate
> companies on their responsibilities, both legally and morally, when it comes
> to protecting the privacy of their customers. Global Security Week is a
> totally voluntary initiative and we have no commercial funding or agenda.
> The initiative is funded entirely from the committee's own funds and time.
> We have people involved in Global Security Week throughout the world and
> during the week we have events planned in different regions. For example
> here in Ireland I plan to run a free seminar on the above topic open to
> anyone who wished to attend.
> We ask that those who wish to become involved, help promote Global Security
> Week in their region either by running specific events dedicated to Global
> Security Week, taking part in events already planned or simply making people
> aware that the week is on and the topic is "Privacy in the 21st Century".
> Even simply making people aware of Global Security Week and directing them
> to the website is a great help. Not having commercial funding we depend on
> word of mouth and like-minded individuals to make people aware of the week.
> Other Ideas
>  Create a Security Manifest that will be 'signed' by all attendees
>  Distributed capture the flag (where each local chapter plays as a team
> (against the other chapters))

