Huntsville Alabama

Local News
Meeting Location - VERIFIED

The Huntsville chapter Committee met today (Feb 27,2010) and have official secured several high quality meeting locations. The first public meeting will be held at the new SAIC(SAIC.com) location in Huntsville’s Research Park. SAIC has also mentioned that we will have continual access to the conference room depending on the number of attendees.

Google map link to the location.

TThe SAIC conference room that is currently approved will hold approximately 10-15 attendees comfortably. Other approved locations include the new CB&amp;S Bank downtown location, and Intergraph in Huntsville. The CB&amp;S conference room i will hold 12-17 and if additional space is required Intergraph has an auditorium that would be accessible. Based on other groups, we estimate 10-30 attendees for the initial March meeting (March 24, 2010)

When the Chapter meets

The Huntsville OWASP Chapter will meet the third (3rd) Wednesday of every month. The first meeting will be in March 2010. However, due to spring break, the first public meeting will be re-scheduled to March 24, 2010. The normal meeting schedule will return in April, and the projected date is April 12-2010. Location will vary depending on RSVP.

The March 24, 2010 meeting will provide an overview of OWASP and include high level information on projects, funding, current news, future plans, and an open discussion on the local Huntsville Chapter. A short presentation on OWASP will be provided by Joshua Perrymon, who will then open the meeting to the open discussion. We urge you to attend to better understand OWASP, what the Huntsville chapter is planning, and to provide feedback on current application security issues. Chapter Meeting Times/ Schedule 11:30 -11:45 : Lunch / Social 11:45 -12:00 : Chapter News /Updates 12:00-:12:30-12:45 Talk (This is variable based on content and type of presenation) 12:45-1:00- Open Discussion / Q&amp;A / FeedBack for next meetings content


 * This is a rough schedule, but we will attempt to stick to it as close as possible. If presentations are to be over an hour appropriate announcements will be made ahead of time for scheduling. We understand that everyone can't be out of the office for several hours, and want to pack as much value and content into the alloted time as possible. The goal is for each atendee to walk away with usable information and value. If we are not doing that, thencontact us and let us know how to improve our meeting process.

Potential Training/ 1-day Application Security Conference Idea

We have discussed having a one day conference focused on Application Security. Tracks would be based on OWASP content, projects, methods, etc and how to put it all together to create and maintain an effective application security program.

Tracks/Session may be split based on technical and management focused material. This may be held Q4 2010 depending on community feedback, planning and budget. We can also start on a smaller scale to define a workable model before investing in a much larger event.

Attendees would be charged an affordable fee of $100-$250 with proceeds from the conference going directly into the Chapters OWASP PayPal fund. Vendor space would be available to help support the event as well.

Ideas/Comments may be sent to Joshua Perrymon (Josh AT PacketFocus.com) Huntsville Chapter Board Members The Huntsville Board has been selected for 2010 and had the first planning meeting February 27, 2010 at SAIC in Huntsville. The board was selected by community security leaders from a diverse background of companies. The board represents different members from various roles in each of their respective organizations to bring broad perspective, cross-industry experience, and to ensure the chapter operates effectively and provides value back to the community.

Previous Board Chairman: Joshua Perrymon: PacketFocus Previous Board Members:
 * Bob Luedeman: CB&amp;S Bank
 * Dean V. Della Pella: Intergraph
 * Mike Lyman: SAIC
 * Harold Cook: SAIC

Current board responsibilities include:

Speaker selection, budgeting/accounting, marketing, operations, integration with other security organizations, updating content, obtaining feedback from the local community, venue selection, catering, and event planning to name a few. The overall vision is to raise application security awareness among all Huntsville companies/organizations. We also want to bridge the gap between executive and technical in relation to application security to ensure a cohesive process that works from the top down.

'''Becoming a Member: Do I have to be a "member" to attend. ''' The professional association of OWASP Foundation is a not-for-profit 501c3 charitable organization not associated with any commercial product or service. OWASP is an open source project dedicated to finding and fighting the causes of insecure software to be successful we need your support. OWASP individuals, supporting educational and commercial organization form an application security community that works together to create articles, methodologies, documentation, tools, and technologies (“OWASP Materials”).

- 2009 Membership Powerpoint www.owasp.org/images/3/34/OWASP_2009MembershipDrive.ppt

Membership Page Link for full details: www.owasp.org/index.php/Membership

Membership Levels

$50 - Individual Supporters

TBD- Single Meeting Supporter

$5000 - Organization Supporters

FREE - Accredited University Supporters (www.ed.gov/admins/finaid/accred/index.html )

FREE to attend a meeting

Why Should I Become An OWASP Member or Organization Supporter

OWASP provides documentation, tools, methodologies, standards, articles, and message forums (“OWASP Materials”) as a service to Internet users worldwide to help users and developers understand more about application security. OWASP makes these materials available to end users to help them acquire, build, test, and operate secure software. In addition to the benefits you receive as described above, your membership helps to support the growth of OWASP and the development of new and improved OWASP Materials. Because we are an open, non-commercial entity, we can take on projects that commercial entities driven by profit motives could not. Everyone benefits from these projects. Your support will help OWASP continue to find and fight the causes of insecure software.

How Are Funds Used?

OWASP is a 501c3 not-for-profit foundation, and all funds go directly to support OWASP projects, grants, chapters, and infrastructure. Our funds come from conferences, memberships, advertising, and individual and organization supporter contributions. The local chapter receives 40% of membership dues to fund overhead and growth. All records are documented, and maintained by OWASP and a local Huntsville Chapter board member.

Who Must Become an OWASP Member?

'''Memberships are not required to use OWASP materials under each project's open source license. Also, anyone can participate in or contribute to an OWASP project without becoming a member. Your membership fees are what make the various OWASP projects possible.'''

How Can I Become An OWASP Member?

To become an OWASP Member, an individual or organization must: Agree to the terms and conditions of the OWASP Membership Agreement. Pay the appropriate membership fee, depending on what type of OWASP Membership is indicated. (See top of page for both) Keep OWASP updated with accurate contact and business profile information. Enrollment as an OWASP Member is required before a commercial license to use the materials is established. The term of the agreement is one year from the date of execution. We appreciate your interest in becoming an OWASP Member. Click the "Register Now" logo to begin the OWASP Member registration process:

guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx

You can also complete the Membership Form and make your payment by mail. Please contact Kate Hartmann for information on wire transfer or other processing methods.

Quick list of useful OWASP Documentation and Projects

OWASP Development Guide a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)

http://www.owasp.org/index.php/Category:OWASP_Guide_Project

OWASP .NET Project http://www.owasp.org/index.php/Category:OWASP_.NET_Project the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)

OWASP Testing Guide http://www.owasp.org/index.php/Category:OWASP_Testing_Project a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)

OWASP Top Ten Project http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

OWASP Application Security Verification Standard Project http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying)