[Owasp-malaysia] OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century" : Thursday 6th Sep 2007

Muhd Dawud dawuds at gmail.com
Sun Jul 29 23:01:05 EDT 2007


Salam Adli,

Yup, the list is quite dead... not many interested... in the list. We can
setup an initial meeting for anyone still interested. Suggest Sat 18/08 any
venues ? maybe uni ? don't mind handing over the chapter management to
anyone willing to take it up.. :)

..dawud



On 7/27/07, Adli Abdul Wahid <adli.wahid at gmail.com> wrote:
>
> Hello all,
>
> > If your local chapter is sleeping on the wheel , them this is a great
> time
> > to take responsibility for it (and replace the current chapter leader)
>
> I feel that owasp-malaysia is pretty much dead. Maybe the chapter
> leader can decide quickly what happens next.
>
> - adli
>
>
>
> On 7/26/07, Dinis Cruz <dinis at ddplus.net> wrote:
> > OWASP subscribers, this is a call to action :)
> >
> > See below (and online
> > https://www.owasp.org/index.php/OWASP_Day )  our ideas for
> > the organization of an OWASP Day on 6th Sep 2007
> >
> > Some comments:
> >
> > There are currently only 10 chapters committed to participate but we
> have 94
> > registered chapters (see
> > https://www.owasp.org/index.php/Category:OWASP_Chapter ).
> > So come on, chapter leader get your act together and organize your local
> > event
> > Sebastien Deleersnyder s our Chapter Master , so any questions about
> chapter
> > stuff talk to him
> > This could be a great opportunity to promote OWASP locally, so please be
> as
> > active as you can and contribute with ideas, actions and leadership
> > At the moment me and Mike de Libero (CCed) are the main global
> organizers
> > for this event, so feel free to contact us with your questions (we will
> need
> > more help!) Let's make this happen
> >
> > Dinis Cruz
> > Chief OWASP Evangelist
> >  http://www.owasp.org
> >
> >
> >  OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic
> "Privacy
> > in the 21st Century" : Thursday 6th Sep 2007
> >
> > OWASP Day is the current proposed title for the day where multiple
> > mini-conference will be staged by the local OWASP Chapters during the
> Global
> > Security Week.
> >
> > This is also a good opportunity to increase awareness on OWASP and to
> > motivate local OWASP Chapters to organize bigger events.
> > Chapters currently participating
> >  London
> >  NYNJMetro
> >  Turkey
> >  Texas Roundup (with Austin + Houston)
> >  Seattle
> >  Phoenix
> >  Israel (scheduled for Wed 5th)
> >  Boston (scheduled for Wed 5th)
> >  Italy
> >  San Jose + San Francisco
> >  (more to be confirmed)
> > Rules of Engagement
> >  Each Chapter is responsible for organizing all details regarding the
> local
> > event
> >  OWASP will issue a global Request for Proposals for all chapters that
> > commit to organizing such event by the 7th of August
> >  OWASP will try to get some funding for this event which will be
> allocated
> > to 'OWASP / Educational materials' for distribution at each event (see
> below
> > details on sponsoring this event)
> >  OWASP (and the local chapters) will try to organize live feeds of each
> > event so that each local conference can interact with the other :)
> > Event layout
> >
> > Each chapter is free to organize its mini conference and to define how
> long
> > it should last.
> >
> > But within the spirit of the event the following ideas are proposed:
> >  The topic of the event should be on "Privacy in the 21st Century", so
> all
> > talks should be related to it (we should be addressing the Web
> Application
> > side of Privacy (for example what happens to Privacy with SQL Injection,
> XSS
> > and issues like pdp's Snoop onto Them as they Snoop onto us)
> >  The event should have 4 to 5 speaking slots (can be 30m if required)
> >  If possible, invite a presenter from the local government to talk about
> > their views on the subject
> >  Presentation from a local OWASP Project leader about his/hers project (
> i.e.
> > for the cases where a leader of an OWASP Project lives locally (or will
> be
> > in that city during the event)
> >  All events are recommended to have the same panel discussion on the
> subject
> > "What is the current state of Privacy on Web Application Security? and
> what
> > should we be focusing on?"). After the panel discussion, each local
> chapters
> > is invited to create a summary of its conclusions for publishing on the
> > OWASP website
> >  "Talk 'Lets get rid of 3 major sources of vulnerabilities:
> >  CROSS-SITE SCRIPTING: 70-90% of web applications have Cross-Site
> Scripting
> > (XSS) holes. You must *both* carefully validate input and use HTML
> entity
> > encoding on all data output.
> >  SQL INJECTION: If your queries are a bunch of strings and user input
> > concatenated together, your database could be attacked with SQL
> Injection.
> > Stamp out this attack by using "parameterized" queries, such as Java's
> > PreparedStatement instead.
> >  SESSION EXPOSURE: Your SESSIONIDs are *just* as valuable as usernames
> and
> > passwords, so make sure you never expose them. Don't ever allow
> > authenticated SESSIONIDs to be sent without SSL or exposed in the URL."
> > Organizers
> >
> > In addition to the local chapter leaders, Dinis Cruz and Mike de Libero
> are
> > the main points of contact (but of course much more help is needed :) )
> > Sponsoring this event
> >
> > Global Sponsorship
> >
> > The proposed sponsorship value is 10,000 USD which will give the
> sponsors:
> >  OWASP Day sponsorship status on OWASP website and local event's venue
> >  (if required) Distribution of material at local event's venue
> >
> > Local Sponsorship
> >
> > To be organized and arranged by each local chapter (this usually covers
> the
> > costs of: venue, drinks and food)
> > Global Security Week (GWS)
> >
> > For more details on the (GWS) see:
> >  http://www.globalsecurityweek.com/
> > http://www.globalsecurityweek.com/html/national_activities.html
> >  http://www.globalsecurityweek.com/html/gsw_06.html
> > (Resources)
> >
> > And here is a description from one the organizers:
> >
> > The aim of Global Security Week is to raise security awareness amongst
> the
> > public and organizations about issues relating to security, primarily
> > information security. This year's theme is on the subject of privacy and
> we
> > hope that a number of events will be held worldwide to promote people's
> > awareness as to how to protect their privacy when online and also
> educate
> > companies on their responsibilities, both legal and morally, when it
> comes
> > to protecting the privacy of their customers. Global Security Week is a
> > totally voluntary initiative and we have no commercial funding or
> agenda.
> > The initiative is funded entirely from the committee's own funds and
> time.
> > We have people involved in Global Security Week throughout the world and
> > during the week we have events planned in different regions. For example
> > here in Ireland I plan to run a free seminar on the above topic open to
> > anyone who wished to attend
> >
> > We ask that those who wish to become involved, help promote Global
> Security
> > Week in their region either by running specific events dedicated to
> Global
> > Security Week, taking part in events already planned or simply making
> people
> > aware that the week is on and the topic is "Privacy in the 21st
> Century".
> > Even simply making people aware of Global Security Week and directing
> them
> > to the website is a great help. Not having commercial funding we depend
> on
> > word of mouth and like minded individuals to make people aware of the
> week.
> > Other Ideas
> >  Create a Security Manifest that will be 'signed' by all attendees
> >  Distributed capture the flag (where each local chapter plays has a team
> > (against the other chapters))
> >
>
>
> --
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2DA9DA7F
> _______________________________________________
> Owasp-malaysia mailing list
> Owasp-malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20070730/fb868044/attachment.html 


More information about the Owasp-malaysia mailing list