[Owasp-twincities] June 19, Top 10 Web Services Security and OWASP Top 10 v2007

Robert Sullivan msp.sullivan at gmail.com
Wed Jun 13 10:41:09 EDT 2007


*June 19 OWASP Agenda:*

6:00pm - Food, Introduction and optional sign-in for CISSP credits.

6:10pm - "OWASP Top Ten" (Sam Buchanan)

6:40pm - "Top Ten Web Services Security Issues" (Gunnar Peterson)

7:15pm - Book Review (any volunteers?)

7:30pm - Book Giveaway: (we still need one)

7:35pm - Upcoming Events:


*OWASP Top Ten 2007*

This totally re-written edition lists the most serious web application
vulnerabilities, discusses how to protect against them, and provides links
to more information.



The primary aim of the OWASP Top 10 is to educate developers, designers,
architects and organizations about the consequences of the most common web
application security vulnerabilities. The Top 10 provides basic methods to
protect against these vulnerabilities – a great start to your secure coding
security program.

Sam has been using the OWASP Top 10 as a training and awareness tool in his
organization. Join us to find out how you can put it to use.



http://www.owasp.org/index.php/Top_10_2007


*Top Ten Web Services Security Issues*

Gunnar has compiled a list of Web Services security issues. This comes from
his recent, practical experience and feedback from students that have
attended his Web Services Security seminars. This session will give you
practical advice and a clear sense of which issues are the most important.



Gunnar has also just returned from OWASP Helsinki and the OWASP Conference
in Madrid. This is a great chance to find out what is happening in Europe.


*Where: Integral Business Solutions*

2277 Highway 36 West, Suite 160.

(for Mapquest you have to use the address 2277 Highway 36 Service road.)



http://www.mapquest.com/maps/map.adp?formtype=address&addtohistory=&address=2277%20Highway%2036%20W&city=Roseville&state=MN&zipcode=55113%2d3804&country=US&geodiff=1



EASY ACCESS FROM THE NORTH:

1. Exit I-35 at County Road C.

2. Go WEST on County Road C to Long Lake Road

3. Turn LEFT on Long Lake Road to Highway 36 Frontage Road

4. Turn RIGHT on Highway 36 Frontage Road to Property.



EASY ACCESS FROM THE SOUTH:

1. Take 94 NORTH to Highway 280

2. Take Highway 280 to Terminal Road exit (left lane).

3. Turn RIGHT onto Highway 36 Frontage to the property.



EASY ACCESS FROM THE EAST:

1. Take Highway 36 to I-35W North

2. Exit I-35 at County Road C.

3. Go WEST on County Road C to Long Lake Road

4. Turn LEFT on Long Lake Road to Highway 36 Frontage Road

5. Turn RIGHT on Highway 36 Frontage Road to Property



EASY ACCESS FROM THE WEST:

1. Take I-35W to the Industrial Blvd exit.

2. Turn RIGHT onto Industrial Blvd.

3. Turn LEFT onto Broadway.

4. Turn LEFT on Highway 280.

5. Take Highway 280 to Terminal Road exit (left lane).

6. Turn RIGHT onto Highway 36 Frontage Road to the property.

The front door locks at 6:00pm. If you are late, call the cell number we
posted there or call Lorna's cell at: 651-338-0243



*Future meeting plans:*

Dates:

Third Tues. of alternating months:

June 19, Aug 21, October 16, Dec: leaders lunch

(ISSA meets on 3rd Tues. of the other months Jan., Mar....)

*Speaker Bios:*

Sam Buchanan is a Web Application Developer for Minnesota State Colleges &
Universities (MNSCU). He has presented the OWASP Top 10 before and is a
charter member of the Twin Cities Chapter.



Gunnar Peterson

Managing Principal, Arctec Group.

Editor, Build Security In software security column for IEEE Security &
Privacy Journal.

Primary and contributing author for DHS/CERT Build Security In portal on Web
Services Security, Identity, and Risk Management.

Project lead: OWASP XML Security Gateway Evaluation Criteria Project.

Associate Editor, Information Security Bulletin

Contributor, Web Application Firewall Evaluation Criteria



*Upcoming Events:*

OWASP AppSec San Jose 2007, October

*Future Topics:*

These could include an active tools market:
- Source Code Analysis
- Automated Web App. Testing
- Web App Firewalls
- XML Security
- Database Security
- Identity Management
- Biometrics
- Cryptography

Alternatively, it would be of great benefit to present something legislation
or industry specific:
- Homeland Security
- Payment Card Institute (PCI) Data Security Standards (DSS) Compliance
- Sarbanes Oxley
- Building a web application security practice



That's it, "stick to the code"

Robert E Sullivan, Chapter Leader