[Owasp-portland] Owasp-portland Digest, Vol 20, Issue 6

Aaron Hockett AHockett at warnerpacific.edu
Tue Mar 20 16:18:11 UTC 2012


This actually sounds really cool but April for me isn't going to work.
If we had this in May, I would definitely put it on the calendar.


-----Original Message-----
From: owasp-portland-bounces at lists.owasp.org
[mailto:owasp-portland-bounces at lists.owasp.org] On Behalf Of
owasp-portland-request at lists.owasp.org
Sent: Tuesday, March 20, 2012 5:03 AM
To: owasp-portland at lists.owasp.org
Subject: Owasp-portland Digest, Vol 20, Issue 6


Today's Topics:

   1. Re: "FLOSSHack" in early April? (Timothy D. Morgan)
   2. Re: Chapter Meeting - April 23 (Matthew Lapworth)


Message: 1
Date: Mon, 19 Mar 2012 09:15:06 -0700
From: "Timothy D. Morgan" <tmorgan-owasp at vsecurity.com>
To: owasp-portland at lists.owasp.org
Subject: Re: [Owasp-portland] "FLOSSHack" in early April?
Message-ID: <4F675B8A.1040002 at vsecurity.com>
Content-Type: text/plain; charset=ISO-8859-1

I've received just two responses to this posting.  I'm pretty sure more
people than that are interested, considering how many eyes I've seen
light up when I describe it, but I think it is important to get more
input on the types of applications people would be interested in

Early April is also getting pretty busy for me, so if I don't get some
more feedback, I'll probably postpone this until May where I can get the
word out to more audiences.


On 03/12/2012 01:55 PM, Timothy D. Morgan wrote:
> Hi Everyone,
> Thanks to those who were able to make it to our meeting last week.  We had
> about 10-11 attendees plus our speaker and a couple of his friends, so
> it was a solid turn out.
> Next on my radar is to flesh out this idea I've been wanting to try
>  In the interest of having a catchy name, I'm calling it "FLOSSHack"
> (for Free/Libre Open Source Software Hacking).  Feel free to suggest a
> catchier name.  Here's the gist of it:
> 1. Gather together folks who are interested in getting down and dirty
> in technical details to sharpen their penetration testing and security
> code review skills.
> 2. Select a FLOSS application that people are interested in testing.
> Let people work on their own for a week or so before a meeting.
> 3. Sit down together to discover and discuss as many vulnerabilities 
> as possible that were found in the application.  Discuss specific
> exploitation scenarios and mitigation strategies. Openly share all of 
> the results of testing within the group (but avoid sharing publicly 
> just yet).
> 4. Work with the developer of the software to address the issues
> through a responsible disclosure process.  Those who discover bugs get
> full public credit for the issues they find (if they wish) and
> experience in responsible notification and interaction with software
> I expect there will be a number of details to work out, but I would 
> like to take a quick poll on a few things.  If you don't mind taking a
> couple of minutes to answer these questions (sent back to the list,
> preferably), that would be great:
> A. Would you be interested in participating in such an event?
>    If "no", stop here.
> B. What kinds of vulnerabilities are you most interested in learning
>    about? (e.g. SQL injection, buffer overflows, XXE, ...)
> C. What technologies/development platforms are you most experienced
>    with?  What technologies/development platforms are you most
>    interested in learning more about?
> D. Do you have suggestions for what open source projects you would
>    to perform an audit of?
> E. Will a FLOSSHack session on April 10 or 11 work for your schedule?


Message: 2
Date: Mon, 19 Mar 2012 16:23:37 -0700
From: Matthew Lapworth <matthewl at bit-shift.net>
To: owasp-portland at lists.owasp.org
Subject: Re: [Owasp-portland] Chapter Meeting - April 23
Message-ID: <CABU9uZiaEaqtvzsLOyZsigg=m_+_svfOkymokX0t_NGwxdagfQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hey All,

I've arranged to have this meeting at the Collective Agency in downtown
Portland, like the last one. The details are in the attached calendar
entry. Please spread the word.



On Fri, Mar 9, 2012 at 8:42 AM, Matthew Lapworth
<matthewl at bit-shift.net> wrote:

> Hey Guys,
> Jim Manico from WhiteHat Security has offered to come down to Portland
> and do a talk on Top 10 web coding defenses. I'm trying to get a gauge
> on how many people can make it to that event. I mentioned hosting this
> at Nike in Beaverton, but if we could get the Collective Agency again
> for cheap (e.g. Free) that would be great as well.
> Let me know your thoughts.
> Thanks!
> --
> Matthew Lapworth
> http://www.bit-shift.net
> We are what we repeatedly do. Excellence then is not an act, but a
>   - Aristotle

Matthew Lapworth

We are what we repeatedly do. Excellence then is not an act, but a
  - Aristotle