[Owasp-portland] Owasp-portland Digest, Vol 20, Issue 7

Adam Gaydosh adam.gaydosh at anitian.com
Fri Mar 30 01:00:53 UTC 2012


FLOSSHack sounds fun, hopefully I can attend whenever it gets scheduled, and make Jim's presentation in April as well. 

-----Original Message-----
From: owasp-portland-bounces at lists.owasp.org [mailto:owasp-portland-bounces at lists.owasp.org] On Behalf Of owasp-portland-request at lists.owasp.org
Sent: Wednesday, March 21, 2012 5:03 AM
To: owasp-portland at lists.owasp.org
Subject: Owasp-portland Digest, Vol 20, Issue 7

Send Owasp-portland mailing list submissions to
	owasp-portland at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.owasp.org/mailman/listinfo/owasp-portland
or, via email, send a message with subject or body 'help' to
	owasp-portland-request at lists.owasp.org

You can reach the person managing the list at
	owasp-portland-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Owasp-portland digest..."


Today's Topics:

   1. Re: Owasp-portland Digest, Vol 20, Issue 6 (Aaron Hockett)
   2. Re: Owasp-portland Digest, Vol 20, Issue 6 (Timothy D. Morgan)


----------------------------------------------------------------------

Message: 1
Date: Tue, 20 Mar 2012 09:18:11 -0700
From: "Aaron Hockett" <AHockett at warnerpacific.edu>
To: <owasp-portland at lists.owasp.org>
Subject: Re: [Owasp-portland] Owasp-portland Digest, Vol 20, Issue 6
Message-ID:
	<07DB504C4B29D240BE001360619FE4AF0685B9FF at email2.warnerpacific.edu>
Content-Type: text/plain;	charset="us-ascii"

Tim,

This actually sounds really cool but April for me isn't going to work.
If we had this in May, I would definitely put it on the calendar.

-Aaron

-----Original Message-----
From: owasp-portland-bounces at lists.owasp.org
[mailto:owasp-portland-bounces at lists.owasp.org] On Behalf Of
owasp-portland-request at lists.owasp.org
Sent: Tuesday, March 20, 2012 5:03 AM
To: owasp-portland at lists.owasp.org
Subject: Owasp-portland Digest, Vol 20, Issue 6


Today's Topics:

   1. Re: "FLOSSHack" in early April? (Timothy D. Morgan)
   2. Re: Chapter Meeting - April 23 (Matthew Lapworth)


----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Mar 2012 09:15:06 -0700
From: "Timothy D. Morgan" <tmorgan-owasp at vsecurity.com>
To: owasp-portland at lists.owasp.org
Subject: Re: [Owasp-portland] "FLOSSHack" in early April?
Message-ID: <4F675B8A.1040002 at vsecurity.com>
Content-Type: text/plain; charset=ISO-8859-1

I've received just two responses to this posting.  I'm pretty sure more
people than that are interested, considering how many eyes I've seen
light up when I describe it, but I think it is important to get more
input on the types of applications people would be interested in
auditing.

Early April is also getting pretty busy for me, so if I don't get some
more feedback, I'll probably postpone this until May where I can get the
word out to more audiences.

cheers,
tim


On 03/12/2012 01:55 PM, Timothy D. Morgan wrote:
> Hi Everyone,
> 
> Thanks to those who were able to make it to our meeting last week.  We had
> about 10-11 attendees plus our speaker and a couple of his friends, so
> it was a solid turn out.
> 
> 
> Next on my radar is to flesh out this idea I've been wanting to try out.
> In the interest of having a catchy name, I'm calling it "FLOSSHack"
> (for Free/Libre Open Source Software Hacking).  Feel free to suggest a
> catchier name.  Here's the gist of it:
> 
> 1. Gather together folks who are interested in getting down and dirty
> in technical details to sharpen their penetration testing and security
> code review skills.
> 
> 2. Select a FLOSS application that people are interested in testing.
> Let people work on their own for a week or so before a meeting.
> 
> 3. Sit down together to discover and discuss as many vulnerabilities
> as possible that were found in the application.  Discuss specific
> exploitation scenarios and mitigation strategies. Openly share all of
> the results of testing within the group (but avoid sharing publicly
> just yet).
> 
> 4. Work with the developer of the software to address the issues
> through a responsible disclosure process.  Those who discover bugs get
> full public credit for the issues they find (if they wish) and
> experience in responsible notification and interaction with software
> maintainers.
> 
> 
> 
> I expect there will be a number of details to work out, but I would
> like to take a quick poll on a few things.  If you don't mind taking a
> couple of minutes to answer these questions (sent back to the list,
> preferably), that would be great:
> 
> A. Would you be interested in participating in such an event?
>    If "no", stop here.
> 
> 
> B. What kinds of vulnerabilities are you most interested in learning
>    about? (e.g. SQL injection, buffer overflows, XXE, ...)
> 
> 
> C. What technologies/development platforms are you most experienced
>    with?  What technologies/development platforms are you most
>    interested in learning more about?
> 
> 
> D. Do you have suggestions for what open source projects you would like
>    to perform an audit of?
> 
> 
> E. Will a FLOSSHack session on April 10 or 11 work for your schedule?




------------------------------

Message: 2
Date: Mon, 19 Mar 2012 16:23:37 -0700
From: Matthew Lapworth <matthewl at bit-shift.net>
To: owasp-portland at lists.owasp.org
Subject: Re: [Owasp-portland] Chapter Meeting - April 23
Message-ID:
	<CABU9uZiaEaqtvzsLOyZsigg=m_+_svfOkymokX0t_NGwxdagfQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hey All,

I've arranged to have this meeting at the Collective Agency in downtown
Portland, like the last one. The details are in the attached calendar
entry. Please spread the word.

http://calagator.org/events/1250462121

Thanks,
Matthew

On Fri, Mar 9, 2012 at 8:42 AM, Matthew Lapworth
<matthewl at bit-shift.net> wrote:

> Hey Guys,
>
> Jim Manico from WhiteHat Security has offered to come down to Portland
> and do a talk on Top 10 web coding defenses. I'm trying to get a gauge
> on how many people can make it to that event. I mentioned hosting this
> at Nike in Beaverton, but if we could get the Collective Agency again
> for cheap (e.g. Free) that would be great as well.
>
> Let me know your thoughts.
>
> Thanks!
>
> --
> Matthew Lapworth
> http://www.bit-shift.net
>
> We are what we repeatedly do. Excellence then is not an act, but a habit.
>   - Aristotle
>



--
Matthew Lapworth
http://www.bit-shift.net

We are what we repeatedly do. Excellence then is not an act, but a habit.
  - Aristotle

------------------------------

_______________________________________________
Owasp-portland mailing list
Owasp-portland at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-portland


End of Owasp-portland Digest, Vol 20, Issue 6
*********************************************


------------------------------

Message: 2
Date: Tue, 20 Mar 2012 17:24:09 -0700
From: "Timothy D. Morgan" <tmorgan-owasp at vsecurity.com>
To: owasp-portland at lists.owasp.org
Subject: Re: [Owasp-portland] Owasp-portland Digest, Vol 20, Issue 6
Message-ID: <4F691FA9.8060408 at vsecurity.com>
Content-Type: text/plain; charset=ISO-8859-1


> This actually sounds really cool but April for me isn't going to work.
> If we had this in May, I would definitely put it on the calendar.

Thanks for the feedback Aaron.  Yeah, I think I will shoot for sometime
in May instead.  Stay tuned.

tim

PS- This would be a great event for CS students interested in security,
if you know of any.


------------------------------


End of Owasp-portland Digest, Vol 20, Issue 7
*********************************************




