[Owasp-malaysia] OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in t
dump2sia at hotmail.com
Mon Jul 30 01:15:08 EDT 2007
Count me in for the meeting... Why not we have a kickoff meeting and decide how we want to continue with our chapter?
How about KLCC?
Date: Mon, 30 Jul 2007 11:01:05 +0800
From: dawuds at gmail.com
To: adli.wahid at gmail.com
CC: owasp-malaysia at lists.owasp.org
Subject: Re: [Owasp-malaysia] OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy in the 21st Century" : Thursday 6th Sep 2007

Salam Adli,

Yup, the list is quite dead... not many interested... in the list. We can set up an initial meeting for anyone still interested. Suggest Sat 18/08 any venues ? maybe uni ? don't mind handing over the chapter management to anyone willing to take it up.. :) ..

dawud

On 7/27/07, Adli Abdul Wahid <adli.wahid at gmail.com> wrote:
Hello all,

> If your local chapter is sleeping on the wheel, then this is a great time
> to take responsibility for it (and replace the current chapter leader)

I feel that owasp-malaysia is pretty much dead. Maybe the chapter leader can decide quickly what happens next.

- adli

On 7/26/07, Dinis Cruz <dinis at ddplus.net> wrote:
> OWASP subscribers, this is a call to action :)
>
> See below (and online https://www.owasp.org/index.php/OWASP_Day ) our ideas for
> the organization of an OWASP Day on 6th Sep 2007
>
> Some comments:
>
> - There are currently only 10 chapters committed to participate but we have 94
>   registered chapters (see https://www.owasp.org/index.php/Category:OWASP_Chapter ).
>   So come on, chapter leader get your act together and organize your local event
> - Sebastien Deleersnyder is our Chapter Master, so any questions about chapter
>   stuff talk to him
> - This could be a great opportunity to promote OWASP locally, so please be as
>   active as you can and contribute with ideas, actions and leadership
> - At the moment me and Mike de Libero (CCed) are the main global organizers
>   for this event, so feel free to contact us with your questions (we will need
>   more help!)
>
> Let's make this happen
>
> Dinis Cruz
> Chief OWASP Evangelist
> http://www.owasp.org
>
>
> OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy
> in the 21st Century" : Thursday 6th Sep 2007
>
> OWASP Day is the current proposed title for the day where multiple
> mini-conferences will be staged by the local OWASP Chapters during the Global
> Security Week.
>
> This is also a good opportunity to increase awareness on OWASP and to
> motivate local OWASP Chapters to organize bigger events.
>
> Chapters currently participating
>
> - London
> - NYNJMetro
> - Turkey
> - Texas Roundup (with Austin + Houston)
> - Seattle
> - Phoenix
> - Israel (scheduled for Wed 5th)
> - Boston (scheduled for Wed 5th)
> - Italy
> - San Jose + San Francisco
> - (more to be confirmed)
>
> Rules of Engagement
>
> - Each Chapter is responsible for organizing all details regarding the local
>   event
> - OWASP will issue a global Request for Proposals for all chapters that
>   commit to organizing such event by the 7th of August
> - OWASP will try to get some funding for this event which will be allocated
>   to 'OWASP / Educational materials' for distribution at each event (see below
>   details on sponsoring this event)
> - OWASP (and the local chapters) will try to organize live feeds of each
>   event so that each local conference can interact with the other :)
>
> Event layout
>
> Each chapter is free to organize its mini conference and to define how long
> it should last.
>
> But within the spirit of the event the following ideas are proposed:
>
> - The topic of the event should be on "Privacy in the 21st Century", so all
>   talks should be related to it (we should be addressing the Web Application
>   side of Privacy (for example what happens to Privacy with SQL Injection, XSS
>   and issues like pdp's Snoop onto Them as they Snoop onto us)
> - The event should have 4 to 5 speaking slots (can be 30m if required)
> - If possible, invite a presenter from the local government to talk about
>   their views on the subject
> - Presentation from a local OWASP Project leader about his/hers project (i.e.
>   for the cases where a leader of an OWASP Project lives locally (or will be
>   in that city during the event)
> - All events are recommended to have the same panel discussion on the subject
>   "What is the current state of Privacy on Web Application Security? and what
>   should we be focusing on?"). After the panel discussion, each local chapter
>   is invited to create a summary of its conclusions for publishing on the
>   OWASP website
> - "Talk 'Let's get rid of 3 major sources of vulnerabilities:
>   CROSS-SITE SCRIPTING: 70-90% of web applications have Cross-Site Scripting
>   (XSS) holes. You must *both* carefully validate input and use HTML entity
>   encoding on all data output.
>   SQL INJECTION: If your queries are a bunch of strings and user input
>   concatenated together, your database could be attacked with SQL Injection.
>   Stamp out this attack by using "parameterized" queries, such as Java's
>   PreparedStatement instead.
>   SESSION EXPOSURE: Your SESSIONIDs are *just* as valuable as usernames and
>   passwords, so make sure you never expose them. Don't ever allow
>   authenticated SESSIONIDs to be sent without SSL or exposed in the URL."
>
> Organizers
>
> In addition to the local chapter leaders, Dinis Cruz and Mike de Libero are
> the main points of contact (but of course much more help is needed :) )
>
> Sponsoring this event
>
> Global Sponsorship
>
> The proposed sponsorship value is 10,000 USD which will give the sponsors:
>
> - OWASP Day sponsorship status on OWASP website and local event's venue
> - (if required) Distribution of material at local event's venue
>
> Local Sponsorship
>
> To be organized and arranged by each local chapter (this usually covers the
> costs of: venue, drinks and food)
>
> Global Security Week (GWS)
>
> For more details on the (GWS) see:
>
> - http://www.globalsecurityweek.com/
> - http://www.globalsecurityweek.com/html/national_activities.html
> - http://www.globalsecurityweek.com/html/gsw_06.html (Resources)
>
> And here is a description from one of the organizers:
>
> The aim of Global Security Week is to raise security awareness amongst the
> public and organizations about issues relating to security, primarily
> information security. This year's theme is on the subject of privacy and we
> hope that a number of events will be held worldwide to promote people's
> awareness as to how to protect their privacy when online and also educate
> companies on their responsibilities, both legal and morally, when it comes
> to protecting the privacy of their customers. Global Security Week is a
> totally voluntary initiative and we have no commercial funding or agenda.
> The initiative is funded entirely from the committee's own funds and time.
> We have people involved in Global Security Week throughout the world and
> during the week we have events planned in different regions. For example
> here in Ireland I plan to run a free seminar on the above topic open to
> anyone who wished to attend
>
> We ask that those who wish to become involved, help promote Global Security
> Week in their region either by running specific events dedicated to Global
> Security Week, taking part in events already planned or simply making people
> aware that the week is on and the topic is "Privacy in the 21st Century".
> Even simply making people aware of Global Security Week and directing them
> to the website is a great help. Not having commercial funding we depend on
> word of mouth and like minded individuals to make people aware of the week.
>
> Other Ideas
>
> - Create a Security Manifest that will be 'signed' by all attendees
> - Distributed capture the flag (where each local chapter plays has a team
>   (against the other chapters))
>

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2DA9DA7F
_______________________________________________
Owasp-malaysia mailing list
Owasp-malaysia at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia