[Owasp-twincities] October meeting ideas

Sam Buchanan sam.buchanan at gmail.com
Wed Aug 9 10:05:46 EDT 2006


Thank you all for the meeting last night. Thanks especially to Pete
Palmer for his presentation on crypto and Apache configuration with
SSL/TLS. I've been out of daily Apache administration for a while; it
was refreshing to feel back in that element, if only briefly. And of
course, thanks again to Lorna for the food.

We left the meeting with an inclination to meet at the same place in
October, but without a clear agenda. I'll throw a few ideas on the
table, including what I remember from suggestions last night.

* Web services security.
* Identity management. No, no more specific than that. It's wide open, people.
* In my talk last night I mentioned the new spate of JavaScript
malware and newly understood dangers of cross-site scripting. I'd be
willing to about that in greater detail. I could even be a less
obviously hopped up on caffeine. :)
* Platform-specific web app security. Java EE, .NET, PHP...
* HTTP Request Smuggling, Response Splitting
* Log management
* Any of the OWASP projects
* SiteGenerator
* Phishing
* Security metrics
* Discuss a chapter of the OWASP Guide.

An updated OWASP Top Ten is scheduled for release at the end of the
year. I suggest that we slate some time to discuss that in February.

So. Thoughts? More ideas? Takers?



More information about the Owasp-twincities mailing list