The San Antonio chapter of OWASP is lucky to be hosting a special meeting with a presentation from OWASP Board Member Dinis Cruz on Friday August 13th, 2010. Dinis is doing a whirlwind tour of US-based OWASP chapters to talk about two big topics:
1. How OWASP Works / Guided Tour of OWASP Projects
2. Using the O2 Platform to Consume OWASP Projects
More information below:
San Antonio OWASP Chapter: Fri. August 13, 2010
Topic: 1) How OWASP Works and Guided Tour of OWASP Projects /
2) Using the O2 Platform to Consume OWASP projects
Presenter: Dinis Cruz
Date: Friday, August 13, 2010, 11:30am – 1:00pm
San Antonio Technology Center (Web Room)
3463 Magic Drive
San Antonio, TX 78229
1) How OWASP Works and Guided Tour of OWASP Projects – This presentation will focus on my experience in getting things done at OWASP, what resources are available and what types of initiatives the local chapters should be doing. In addition to a quick overview of a number of key OWASP projects, this talk will also provide a tutorial on how the OWASP WIKI (MediaWiki based) can be used as a database (using the MediaWiki templates technology).
2) Using the O2 Platform to Consume OWASP projects – This presentation will focus on how to consume the OWASP Wiki and a number of OWASP projects using the OWASP O2 Platform. The O2 Platform has powerful technology and capabilities for both BlackBox and WhiteBox analysis and this presentation will provide examples on how to use O2 with: WebGoat, WebScarab, Code Crawler, Dir Buster, Testing Guide, Code Review Guide and OpenSAMM.
The O2 Platform is focused on automating application security knowledge and workflows. It is specifically designed for developers and security consultants to be able to perform quick, effective and thorough ‘source-code-driven’ application security reviews (BlackBox + WhiteBox). In addition to the manual findings created/discovered by security consultants, the OWASP O2 Platform allows the easy consumption of results from multiple OWASP projects and commercial scanning tools. This allows security consultants to find, exploit and automate (via Unit Tests) security vulnerabilities usually dismissed by the community as impossible to find/recreate. More importantly, it provides the Security Consultants a mechanism to: a) ‘talk’ with developers (via UnitTest), b) give developers a way to replicate + “check if it’s fixed” the vulnerabilities reported and c) engage in a two-way conversation on the best way to fix/remediate those vulnerabilities.
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
For the past years Dinis has focused on the field of Static Source Code analysis. From May 2007 to Dec 2009 he worked as an independent consultant for Ounce Labs (bought by IBM in July 2009), where, during active security engagements using Ounce’s technology, he developed the Open Source codebase which is now the foundation of the OWASP O2 Platform.
Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.
Dinis is also an active trainer on .Net security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.
Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.
Please RSVP: E-mail firstname.lastname@example.org or call (210) 572-4400.
dan _at_ denimgroup.com