Tuesday, 7 July 2009

CFP - Security Byte & OWASP AppSec ASIA 2009

Securitybyte & OWASP AppSec Asia Conference is a forum where ethical hackers, practitioners, researchers, and developers in the information security field gather to showcase and exchange new research, innovations, practical ideas and experiences. If you are developing, researching, or implementing practical solutions to protect corporate or government information infrastructures, please consider sharing your experience and expertise at this conference.

The first round of CFP submissions is July 30th, 2009.
Send your interest and submissions to cfp@securitybyte.org

For any speaking queries, please contact us at speakers@securitybyte.org

We are seeking submissions for both the two-day conference tracks and the two-day post-conference training workshops in the following areas:

Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any of the following three conference tracks:

* CT 1 - Application, Database & Web Security
* CT 2 - Infrastructure Security (Network / Wireless / Bluetooth / Malware / Forensics / Cyber-terrorism / Physical Security / Information warfare etc.)
* CT 3 - Risk Management / Compliance

Wednesday, 6 May 2009

SF.net Community Choice Awards 2009



Nominate OpenSQLi-NG for the SF Community Choice Awards 2009, for the following categories:

  • Best New Project

  • Best Tool or Utility for Developers

Wednesday, 29 April 2009

OpenVAS Developer Conference #2 (July 9th - 12th) - WorkShop

A one-day workshop (July 8th 2009) prior to the
OpenVAS Developer Conference #2 (July 9th - 12th)
will be conducted for OpenVAS users.

The following topics will be covered:

1. OpenVAS architecture
2. Installation of OpenVAS on Linux systems
3. OpenVAS scanning
   - OpenVAS features
   - Creation of policies and running the scan
   - Credentialed and credential-less scanning
   - The OpenVAS knowledge base
   - Logs
   - Scanning different network devices: Windows, Unix
   - Reports
4. OpenVAS Administration
5. Writing NASL plugins
6. OpenVAS integrated tools

Price: EURO 300,-

The money will be utilized to cover the travel costs for students and other
private OpenVAS developers to join the OpenVAS developer's conference.

The workshop is held in English by Chandrashekhar B of the
company SecPod (India). SecPod will not charge for this and so
100% of the money will help to physically gather a forceful developers
team to prepare for OpenVAS 3.0.

If you are interested and willing to register, please send a mail to
openvas-devcon@intevation.de at the earliest confirming your attendance.

Details on the workshop will also be updated here:
http://www.openvas.org/openvas-devcon2.html

Tuesday, 28 April 2009

OWASP AppSec DC 2009 Conference Call for Papers

Hello,

OWASP is currently soliciting papers for the OWASP AppSec DC 2009
Conference that will take place at the Walter E. Washington Convention
Center in Washington, DC on November 10th through 13th of 2009. There
will be training courses on November 10th and 11th followed by plenary
sessions on the 12th and 13th with each day having at least three
tracks. AppSec DC may also have BOF, break out, or speed talks in
addition to the standard schedule depending on the submissions we receive.

We are seeking people and organizations that want to present on any of
the following topics (in no particular order):
- Business Risks with Application Security.
- Starting and Managing Secure Development Lifecycle Programs.
- Web Services-, XML- and Application Security.
- Metrics for Application Security.
- Application Threat Modeling.
- Hands-on Source Code Review.
- Web Application Security Testing.
- OWASP Tools and Projects.
- Secure Coding Practices (J2EE/.NET).
- Privacy Concerns with Applications and Data Storage
- Web Application Security countermeasures
- Technology specific presentations on security such as AJAX, XML, etc.
- Anything else relating to OWASP and Application Security.

To make a submission you must include:
- Presenter(s) name(s)
- Presenter(s) Email and/or Phone number(s)
- Presenter(s) bio(s)
- Title
- Abstract
- Any supporting research/tools (will not be released outside of CFP
committee)

Submission deadline is June 15th 2009 at 11:59 PM Eastern Standard
Time. Submit Proposals To mark.bristow(at)owasp.org with the subject
line "APPSEC DC CFP SUBMISSION" (an automated filter is used).
Additional information can be found in the FAQ.

Conference Website: https://www.owasp.org/index.php/OWASP_AppSec_DC_2009
FAQ: https://www.owasp.org/index.php/OWASP_AppSec_DC_2009_-_FAQ
CFP w/ FAQ: http://www.owasp.org/images/6/65/AppSec_DC_2009_CFP.pdf

Please forward to all interested practitioners and colleagues.

Regards.

Sunday, 26 April 2009

The OpenSQLiNG project starts

I'm glad to announce the start of the next-generation open source SQL injection tool. See the project page for details at: http://opensqling.sourceforge.net/

  • Database Environment : Project is a database abstraction layer (API)
  • Intended Audience : Advanced End Users, Developers, System Administrators
  • License : GNU General Public License (GPL)
  • Operating System : OS Independent (Written in an interpreted language)
  • Programming Language : Java, Jython
  • Topic : Security
  • Translations : English
  • User Interface : Command-line, Web-based, Plugins

Summary

OpenSQLi-NG (pronounced Open SQLi N-G) is the next-generation open source SQL injection tool, built upon a powerful client/server plugin-based architecture. It silently tests and exploits (on demand) SQL injection conditions; its core features are DBMS fingerprinting, database enumeration and operating system command execution. It's coded in Python with Java class libraries, which makes it completely OS-independent. A web interface will also be available.
Note that this is only the engine of a big vulnerability scanner that I'm planning to implement.

Saturday, 25 April 2009

Website unavailable

Just to inform you that my website http://christian.africa-web.org is unavailable due to a server problem.
Thanks for your patience.

Wednesday, 22 April 2009

Network Vulnerability Check for the OpenVAS platform

Network security test contributions for the OpenVAS Project; this is just a short list.
The NASL source code is released under the GNU GPL license and is freely available on the Developer Platform.

remote-ApacheOfbiz-htmlInjection.nasl
remote-detect-ApacheOfbiz.nasl
remote-detect-filemaker.nasl
remote-detect-filemaker-pwd-disclosure.nasl
remote-detect-firebird.nasl
remote-detect-MDNS.nasl
remote-detect-MSdotNET-version.nasl
remote-detect-Opentaps_ERP_CRM.nasl
remote-detect-sybase-easerver-mgmt.nasl
remote-detect-sybase-easerver.nasl
remote-detect-WindowsSharepointServices.nasl
remote-MS00-006.nasl
remote-MS00-058.nasl
remote-MS00-060.nasl
remote-MS00-078.nasl
remote-MS03-018.nasl
remote-MS03-022.nasl
remote-MS03-034.nasl
remote-MS03-051.nasl
remote-MS04-011.nasl
remote-MS04-017.nasl
remote-MS05-004.nasl
remote-MS06-033.nasl
remote-MS06-056.nasl
remote-MS07-040.nasl
remote-Opentaps-htmlIjection.nasl
XRMS_CVE-2008-3664.nasl

Wednesday, 8 April 2009

OpenVAS Developer Conference #2 (July 9-12 2009)

The second OpenVAS developer conference again takes place in Osnabrück, Germany. This page summarizes the current state of planning.

Attention: User's Workshop planned: Workshop on OpenVAS administration and deployment on the day prior to the conference: July 8th 2009. Costs will be reasonable and the money will be spent to cover travel costs for students and other private OpenVAS developers. Please express your serious interest to openvas-devcon@intevation.de.

Agenda:

This is a collection of thoughts discussed on the mailing list openvas-discuss. Please involve yourself there to express your ideas or needs.

A major goal is to derive a master plan for the next 12-24 months of development.

* review the past 2 years of progress
* plan future features
    o Walkthrough of all the pending CRs
* discuss core designs (towards OpenVAS 3.0)
    o OIDs: final layout and assignment procedure
    o how to get rid of the openvas-plugins module
    o replace the current internationalization concepts in nasl/server with a solution by standard technologies
    o OVAL with OpenVAS
* discuss how to extend NVT coverage
* discuss whether and how to retire NVTs
* discuss professional services and how they relate to the project
* meet the members of the OpenVAS mailing lists in real life and have a beer (or other beverages)

Place:

Intevation GmbH kindly hosts the developer conference at their offices:
Neuer Graben 17
49074 Osnabrück
Germany

Note for attendees of DevCon1: Intevation moved to new offices in 2008, which are around 5 minutes' walking distance from the ones where DevCon1 took place.

Accommodation:

Intevation will take care of hotel reservations. Please include your preferences with the expression of interest for attending.

How to attend:

Please let us know on the openvas-discuss mailing list or directly at openvas-devcon@intevation.de whether you would like to attend.

Event page: http://www.openvas.org/openvas-devcon2.html