[Owasp-twincities] Next meeting: Monday June 16th at 6:00 pm and LOTS of great announcements!

Kuai Hinojosa kuai.hinojosa at gmail.com
Thu Jun 5 17:08:04 EDT 2008


*Hello World!*

I wanted to make a few announcements to the group. First I wanted to let
everyone know I relocated to the east coast; this is why you may see my name
mentioned in the NY/NJ Metro local chapter as one of the board members.
Second, this does not mean I am planning to stop leading the Minneapolis -
St. Paul Chapter. I am planning to do so until the year is up or until any
local member interested in leading the chapter contacts me.  I will be
involved in OWASP and will support our MSP chapter in any possible way I
can. I truly believe we have a great group of security professionals and
supporters and I want to be part of it.  With that said, being on the east
coast will also be a good opportunity for our group as I am planning to share
resources and forces with other OWASP chapters in the area.

I also have another great announcement to make. We are currently planning a
mini OWASP conference for the month of October in Minneapolis. Gary McGraw
has expressed his interest and he will possibly be our keynote speaker for
this event. I have a good list of speakers and people interested in
participating in a discussion panel. Rohyt Belani will be offering a
training session during this conference, and we have more great stuff we are
planning for this event. Stay tuned! I will be providing more information
through the upcoming months.

Please remember the NYC AppSec 08 conference. This is going to be the largest
OWASP conference ever, great speakers including the OWASP founders and great
tracks! Please see the site for more information.

http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_-_September_22th-25th_2008

Also, we are looking for people who want to help us with the ESAPI project.
We need to provide sample code, revise and update documentation, review and
test the ESAPI code.  Dinis Cruz, one of the founders of OWASP, is offering us
monetary incentive through the Season of code project. This is a great
opportunity for students and other members interested in contributing to a
KEY OWASP project. OWASP is budgeting about $10,000 to start for these
projects and this includes the ESAPI.  Get involved!  Check the links below
for more information!

https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008
https://www.owasp.org/index.php/OWASP_Request_for_Proposal_List

Last thing, I was told that only 4 members of our local chapter have
registered with OWASP and paid their dues. We don't enforce registration or
paying dues, but I cannot stress this enough, folks. This is a not-for-profit
organization; we rely on your support to make all these great things happen.
Please contact us if you or your company would like to sponsor any of these
events.  We need everyone's support! All the contributions go to pay for the
travel costs of the speakers, food and beverages, location of the events and
great initiatives such as the mini OWASP conference we are currently working
on.

If you have any suggestions, comments or topic ideas feel free to post them
to the mailing list. Get involved!!


*Next meeting:* Monday June 16th at 6:00 pm



*Tony Stieber* – How not to Implement Encryption for the OWASP Top 10



*Topic Overview:*

How *NOT* to implement encryption for the OWASP Top Ten. Three out of the
ten items in the OWASP Top Ten are related to encryption. These items, A7,
A8, and A9, are merely misuse or non-use of well-known and readily available
tools. Best practices will be explained and illustrated with
counter-examples with the goal of explaining how web applications and
cryptography meet.



*Speaker Bio:*

Tony Stieber has been working in the information security industry for over
12 years, with 8 of those years in the Fortune 100. His past experience
includes mainframes, supercomputers, military and commercial firewalls,
medical diagnostic systems, dot com ventures, retail environments, large
financial systems, and cryptology.



*Time:* 6:00 pm

*Location:* MnScu Minneapolis Campus (1501 Hennepin Ave), Whitney Center,
Room L3100 (3rd Floor)

*Agenda:*

            6:00 pm - Introduction and Optional sign-in for CISSP credits

            6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)

            6:20 pm – Encryption (Tony Stieber)

            7:55 pm – break

            8:05 pm – Book Giveaway

            8:10 pm - Upcoming Events reminder and meeting wrap-up



Link to MnScu Campus Map:

http://www.minneapolis.edu/campusmaps/index.cfm

According to the information, people park in the ramp (R) - move through the
T building (T) and go to Whitney Hall (L).



*RSVP:  http://www.go-integral.net/?q=TonySJune*

*Meeting Sponsor:*  Integral Business Solutions

*Next Meeting:* Monday July 7th

Gunnar Peterson (Arctec) will be presenting "Breaking Web Services". Gunnar
gave this talk with Brian Chess at the past RSA conference. Another
interesting topic; don't forget to bring lots of questions to this
presentation as well.

*Time:* 6:00 pm

*Location:* MnScu Minneapolis Campus (1501 Hennepin Ave), Whitney Center,
Room L3100 (3rd Floor)

*Agenda:*

            6:00 pm - Introduction and Optional sign-in for CISSP credits

            6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)

            6:20 pm – Gunnar Peterson

            7:55 pm – break

            8:05 pm – Book Giveaway

            8:10 pm - Upcoming Events reminder and meeting wrap-up

*Next Meeting:* September date TBA

Brian Chess (Fortify Software)

Creating secure code requires more than just good intentions. Programmers
need to know how to make their code safe in an almost infinite number of
scenarios and configurations. Static source code analysis gives users the
ability to review their work with a fine-tooth comb and uncover the kinds of
errors that lead directly to vulnerabilities. This talk frames the software
security problem and shows how static analysis is part of the solution.

Highlights include:
- The most common security short-cuts and why they lead to security failures
- Why programmers are in the best position to get security right
- Where to look for security problems
- How static analysis helps
- The critical attributes and algorithms that make or break a static
analysis tool

We will look at how static analysis works, how to integrate it into the
software development processes, and how to make the most of it during
security code review.

*Time:* 6:00 pm

*Location:* MnScu Minneapolis Campus (1501 Hennepin Ave), Whitney Center,
Room L3100 (3rd Floor)

*Agenda:*

            6:00 pm - Introduction and Optional sign-in for CISSP credits

            6:10 pm - Welcome: OWASP chapter updates (Kuai Hinojosa)

            6:20 pm – Brian Chess

            7:55 pm – break

            8:05 pm – Book Giveaway

            8:10 pm - Upcoming Events reminder and meeting wrap-up


*Again we are looking for sponsors for meetings and book giveaway. Contact
Lorna or Kuai if you are interested in sponsoring either.*

-- 
Kuai Hinojosa
OWASP (MSP) Chapter Leader
http://www.owasp.org/index.php/Minneapolis_St_Paul

OWASP (NYC/NJ) Board member
http://www.owasp.org/index.php/NYNJMetro