OWASP - User contributions [en]

OWASP Portland 2019 Training Day

2019-06-12T01:47:52Z

Imelven:

For the fourth year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for the local Portland security community to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with other local infosec and appsec enthusiasts and meet those who share your interests.

The 4th annual OWASP Portland 2019 Training Day date will be on September 25, 2019. See [[#Details|Details]] for more info.

General registration date will be announced soon.

Want to get news and information on our 2019 Training Day? Subscribe to the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter] Portland OWASP mailing list or follow [https://twitter.com/portlandowasp @PortlandOWASP] on Twitter!

=Courses=
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, one afternoon course, or one of each.

== Morning Session 8:30 AM - Noon ==

=== Classes are TBD ===

=2019 Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2019 sponsorship information or contact us via the mailing list or Twitter!'''

== 2018 Sponsors ==

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]              
[[File:summit.png|link=http://summitinfosec.com/]]              
[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]              
[[File:ForgeRock logo.png|link=https://www.forgerock.com/]]              
[[File:Security Innovation logo.png|link=https://www.securityinnovation.com/]]

=== Morning Coffee Sponsors ===

[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              

=Details=
OWASP Portland 2019 Training Day will be on September 25, 2019.

This year for the 2nd time, we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204.

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St
Portland, OR 97204

===Schedule===
Schedule TBD!

Interested in teaching a training at Training Day 2019? Contact Portland OWASP via the mailing list or Twitter!

=== Lunch Ideas ===

Here are some lunch ideas:
* Farmhouse Cafe, 101 SW Main St.
* The Good Earth Cafe, 1136 SW 3rd Ave.
* Chipotle Mexican Grill, 240 SW Yamhill St.
* Luc Lac Vietnamese Kitchen, 835 SW 2nd Ave.
* Rock Bottom Restaurant & Brewery, 206 SW Morrison St.
* Buffalo Wild Wings, 327 SW Morrison St.
* Cafe Yumm, 301 SW Morrison St.
* Killer Burger, 510 SW 3rd Ave.
* House of Ramen, 223 SW Columbia St.
* There are some food carts north of the World Trade Center on SW 3rd Ave. and SW Stark St.

=How to Register=

Registration will again be via EventBrite

Thank you to the OWASP Foundation and the many sponsors, trainers, volunteers and trainers that have helped make Training Day a success and allow us to continue!

OWASP Portland 2019 Training Day

2019-06-12T01:21:19Z

Imelven:

For the fourth year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for the local Portland security community to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with other local infosec and appsec enthusiasts and meet those who share your interests.

The 4th annual OWASP Portland 2019 Training Day date will be '''announced soon!''' See [[#Details|Details]] for more info.

General registration date will be announced soon.

Want to get news and information on our 2019 Training Day? Subscribe to the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter] Portland OWASP mailing list or follow [https://twitter.com/portlandowasp @PortlandOWASP] on Twitter!

=Courses=
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, one afternoon course, or one of each.

== Morning Session 8:30 AM - Noon ==

=== Classes are TBD ===

=Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2019 sponsorship information or contact us via the mailing list or Twitter!'''

== A huge thank you to our 2018 sponsors! ==

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]              
[[File:summit.png|link=http://summitinfosec.com/]]              
[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]              
[[File:ForgeRock logo.png|link=https://www.forgerock.com/]]              
[[File:Security Innovation logo.png|link=https://www.securityinnovation.com/]]

=== Morning Coffee Sponsors ===

[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              

=Details=
OWASP Portland 2019 Training Day will be Fall 2019.

This year for the 2nd time, we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204.

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St
Portland, OR 97204

===Schedule===
Schedule TBD!

Interested in teaching a training at Training Day 2019? Contact Portland OWASP via the mailing list or Twitter!

=== Lunch Ideas ===

Here are some lunch ideas:
* Farmhouse Cafe, 101 SW Main St.
* The Good Earth Cafe, 1136 SW 3rd Ave.
* Chipotle Mexican Grill, 240 SW Yamhill St.
* Luc Lac Vietnamese Kitchen, 835 SW 2nd Ave.
* Rock Bottom Restaurant & Brewery, 206 SW Morrison St.
* Buffalo Wild Wings, 327 SW Morrison St.
* Cafe Yumm, 301 SW Morrison St.
* Killer Burger, 510 SW 3rd Ave.
* House of Ramen, 223 SW Columbia St.
* There are some food carts north of the World Trade Center on SW 3rd Ave. and SW Stark St.

=How to Register=

Registration will again be via EventBrite

Thank you to the OWASP Foundation and the many sponsors, trainers, volunteers and trainers that have helped make Training Day a success and allow us to continue!

Portland

2019-05-17T17:20:42Z

Imelven:

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator] or on our [https://www.meetup.com/OWASP-Portland-Chapter/ meetup group page].

The Portland OWASP chapter aims to hold a chapter meeting once every month. There is also an OWASP training day held each year, featuring workshops ranging in multiple information security practices.

Feel free to join us on [https://www.meetup.com/OWASP-Portland-Chapter/ Meetup], [https://www.linkedin.com/groups/4223013/ LinkedIn], and follow us on [https://twitter.com/PortlandOWASP Twitter] for upcoming events!
=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of[[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter/join local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=== Ways You Can Get Involved ===

==== Speakers / Venues ====
For our monthly meetings it would be wonderful if you would help us think of topics, volunteer to speak or help find a good person for a topic, or help us secure a venue capable of hosting ~75 members and guests.

==== Training Day ====
We need volunteers for Training Day every year to take tickets, direct people to classes, assist trainers, etc. Many people volunteer for a half a day and take a class the other half. We'd love to have your help.

==== Mentorship ====
Interested in being a mentor or being mentored ? Please reach out to David Quisenberry, our membership coordinator, to get involved. Focus of mentoring can be Public Speaking, AppSec Skills, Career Development and we will work to align interests of mentors and those being mentored.

==== Chapter Leadership ====
Chapter leaders take the initiative to make sure monthly meetings, Training Day, and mentorships run smoothly (or at least run). If you are looking for a more significant way to get involved over the course of a year this is a great opportunity.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 40 - 75 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

= OWASP Annual Training Day =
[[OWASP Portland 2019 Training Day|2019 Training Day]]

[[OWASP Portland 2018 Training Day|2018 Training Day]]

[[OWASP Portland 2017 Training Day|2017 Training Day]]

[[OWASP Portland 2016 Training Day|2016 Training Day]]

=Presentations=
<big>'''2019'''</big>

'''January'''

Docker Exploits with Josh Farwell

[https://github.com/sparklespdx/conference-talks/blob/master/OWASP_PDX_2019-01-09/slides.pdf Slides]

'''February'''

Building a Security Program with Kendra Ash

[https://github.com/kendraash/talks/blob/master/SecurityProgramTalk%20-%20Kendra%20Ash.pdf Slides]

'''March'''

Breaching the Cyber-Security Job Industry with Ryan Krause

[https://github.com/ryankrause/talks/blob/master/Breaching%20the%20Cyber%20Security%20Job%20Industry.pdf Slides]

'''April'''

OWASP Top Ten For JavaScript Developers with Lewis Ardern

=Contact=

Your current Portland Chapter Board:

*Ian Melven - 2019 Chapter Leader (ian.melven@owasp.org)
*Bhushan Gupta - 2019 Vice Leader (bhushan.gupta@owasp.org)
*Benny Zhao - 2019 Treasurer (benny.zhao@owasp.org)
*David Quisenberry - Community Outreach (david.quisenberry@owasp.org)

A huge THANK YOU to the other members of the chapter leadership team and our volunteers, past and present !

*Philip Jenkins
*Brian Ventura
*Sonny Nallamilli - 2018 Treasurer
*James Bohem
*Adam Russell (adam.russell@owasp.org)
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan - Founder (tim.morgan@owasp.org)
*AJ Dexter - Founder (aj.dexter@gmail.com - now retired)

__NOTOC__

<headertabs />

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2019 ==
=== Champion Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

[[File:Vacasa Logo .png|frameless|375x375px]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2019-05-15T17:52:45Z

Imelven:

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator] or on our [https://www.meetup.com/OWASP-Portland-Chapter/ meetup group page].

The Portland OWASP chapter aims to hold a chapter meeting once every month. There is also an OWASP training day held each year, featuring workshops ranging in multiple information security practices.

Feel free to join us on [https://www.meetup.com/OWASP-Portland-Chapter/ Meetup], [https://www.linkedin.com/groups/4223013/ LinkedIn], and follow us on [https://twitter.com/PortlandOWASP Twitter] for upcoming events!
=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of[[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter/join local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=== Ways You Can Get Involved ===

==== Speakers / Venues ====
For our monthly meetings it would be wonderful if you would help us think of topics, volunteer to speak or help find a good person for a topic, or help us secure a venue capable of hosting ~75 members and guests.

==== Training Day ====
We need volunteers for Training Day every year to take tickets, direct people to classes, assist trainers, etc. Many people volunteer for a half a day and take a class the other half. We'd love to have your help.

==== Mentorship ====
Interested in being a mentor or being mentored ? Please reach out to David Quisenberry, our membership coordinator, to get involved. Focus of mentoring can be Public Speaking, AppSec Skills, Career Development and we will work to align interests of mentors and those being mentored.

==== Chapter Leadership ====
Chapter leaders take the initiative to make sure monthly meetings, Training Day, and mentorships run smoothly (or at least run). If you are looking for a more significant way to get involved over the course of a year this is a great opportunity.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 40 - 75 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

= OWASP Annual Training Day =
[[OWASP Portland 2018 Training Day|2018 Training Day]]

[[OWASP Portland 2017 Training Day|2017 Training Day]]

[[OWASP Portland 2016 Training Day|2016 Training Day]]

=Presentations=
<big>'''2019'''</big>

'''January'''

Docker Exploits with Josh Farwell

[https://github.com/sparklespdx/conference-talks/blob/master/OWASP_PDX_2019-01-09/slides.pdf Slides]

'''February'''

Building a Security Program with Kendra Ash

[https://github.com/kendraash/talks/blob/master/SecurityProgramTalk%20-%20Kendra%20Ash.pdf Slides]

'''March'''

Breaching the Cyber-Security Job Industry with Ryan Krause

[https://github.com/ryankrause/talks/blob/master/Breaching%20the%20Cyber%20Security%20Job%20Industry.pdf Slides]

'''April'''

OWASP Top Ten For JavaScript Developers with Lewis Ardern

=Contact=

Your current Portland Chapter Board:

*Ian Melven - 2019 Chapter Leader (ian.melven@owasp.org)
*Bhushan Gupta - 2019 Vice Leader (bhushan.gupta@owasp.org)
*Benny Zhao - 2019 Treasurer (benny.zhao@owasp.org)
*David Quisenberry - Community Outreach (david.quisenberry@owasp.org)

A huge THANK YOU to the other members of the chapter leadership team and our volunteers, past and present !

*Philip Jenkins
*Brian Ventura
*Sonny Nallamilli - 2018 Treasurer
*James Bohem
*Adam Russell (adam.russell@owasp.org)
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan - Founder (tim.morgan@owasp.org)
*AJ Dexter - Founder (aj.dexter@gmail.com - now retired)

__NOTOC__

<headertabs />

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2019 ==
=== Champion Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

[[File:Vacasa Logo .png|frameless|375x375px]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2019-05-15T17:50:52Z

Imelven:

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator] or on our [https://www.meetup.com/OWASP-Portland-Chapter/ meetup group page].

The Portland OWASP chapter aims to hold a chapter meeting once every month. There is also an OWASP training day held each year, featuring workshops ranging in multiple information security practices.

Feel free to join us on [https://www.meetup.com/OWASP-Portland-Chapter/ Meetup], [https://www.linkedin.com/groups/4223013/ LinkedIn], and follow us on [https://twitter.com/PortlandOWASP Twitter] for upcoming events!
=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of[[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter/join local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=== Ways You Can Get Involved ===

==== Speakers / Venues ====
For our monthly meetings it would be wonderful if you would help us think of topics, volunteer to speak or help find a good person for a topic, or help us secure a venue capable of hosting ~75 members and guests.

==== Training Day ====
We need volunteers for Training Day every year to take tickets, direct people to classes, assist trainers, etc. Many people volunteer for a half a day and take a class the other half. We'd love to have your help.

==== Mentorship ====
Reach out to David Quisenberry, our membership coordinator, to get involved. Focus of mentoring can be Public Speaking, AppSec Skills, Career Development and we will work to align interests of mentors and those being mentored.

==== Chapter Leadership ====
Chapter leaders take the initiative to make sure monthly meetings, Training Day, and mentorships run smoothly (or at least run). If you are looking for a more significant way to get involved over the course of a year this is a great opportunity.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 40 - 75 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

= OWASP Annual Training Day =
[[OWASP Portland 2018 Training Day|2018 Training Day]]

[[OWASP Portland 2017 Training Day|2017 Training Day]]

[[OWASP Portland 2016 Training Day|2016 Training Day]]

=Presentations=
<big>'''2019'''</big>

'''January'''

Docker Exploits with Josh Farwell

[https://github.com/sparklespdx/conference-talks/blob/master/OWASP_PDX_2019-01-09/slides.pdf Slides]

'''February'''

Building a Security Program with Kendra Ash

[https://github.com/kendraash/talks/blob/master/SecurityProgramTalk%20-%20Kendra%20Ash.pdf Slides]

'''March'''

Breaching the Cyber-Security Job Industry with Ryan Krause

[https://github.com/ryankrause/talks/blob/master/Breaching%20the%20Cyber%20Security%20Job%20Industry.pdf Slides]

'''April'''

OWASP Top Ten For JavaScript Developers with Lewis Ardern

=Contact=

Your current Portland Chapter Board:

*Ian Melven - 2019 Chapter Leader (ian.melvin@owasp.org)
*Bhushan Gupta - 2019 Vice Leader (bhushan.gupta@owasp.org)
*Benny Zhao - 2019 Treasurer (benny.zhao@owasp.org)
*David Quisenberry - Community Outreach (david.quisenberry@owasp.org)

Other volunteers and organizers:

*Sonny Nallamilli - 2018 Treasurer
*James Bohem
*Adam Russell (adam.russell@owasp.org)
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan - Founder (tim.morgan@owasp.org)
*AJ Dexter - Founder (aj.dexter@gmail.com - now retired)

__NOTOC__

<headertabs />

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2019 ==
=== Champion Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

[[File:Vacasa Logo .png|frameless|375x375px]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

Portland

2019-05-15T17:50:31Z

Imelven:

Welcome to the Portland, Oregon OWASP Chapter.

[[File:Portland_and_Mt_Hood.jpg]]

=Events=

Past and future event information can be found in [http://calagator.org/events/search?query=OWASP Calagator] or on our [https://www.meetup.com/OWASP-Portland-Chapter/ meetup group page].

The Portland OWASP chapter aims to hold a chapter meeting once every month. There is also an OWASP training day held each year, featuring workshops ranging in multiple information security practices.

Feel free to join us on [https://www.meetup.com/OWASP-Portland-Chapter/ Meetup], [https://www.linkedin.com/groups/4223013/ LinkedIn], and follow us on [https://twitter.com/PortlandOWASP Twitter] for upcoming events!
=For Participants=
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/1ZgY25F0F7QgScMlB1X7LAa70LtyJql8XqcYdR4suPUo/edit#slide=id.p Overview Slides]) is a professional association of[[Membership | global members]] and is and open to anyone interested in learning more about software security. Local chapters are run independently by volunteers and guided by the [[Chapter_Leader_Handbook|Handbook]].

If you are interested in attending chapter meetings or otherwise getting involved, we strongly encourage you to join the [https://groups.google.com/a/owasp.org/forum/#!forum/portland-chapter/join local chapter email list]. This list is low-volume, but acts as a great resource for local security information and announcements about chapter meetings.

=== Ways You Can Get Involved ===

==== Speakers / Venues ====
For our monthly meetings it would be wonderful if you would help us think of topics, volunteer to speak or help find a good person for a topic, or help us secure a venue capable of hosting ~75 members and guests.

==== Training Day ====
We need volunteers for Training Day every year to take tickets, direct people to classes, assist trainers, etc. Many people volunteer for a half a day and take a class the other half. We'd love to have your help.

==== Mentorship ====
Reach out to David Quisenberry, our membership coordinator, to get involved. Focus of mentoring can be Public Speaking, AppSec Skills, Career Development and we will work to align interests of mentors and those being mentored.

==== Chapter Leadership ====
Chapter leaders take the initiative to make sure monthly meetings, Training Day, and mentorships run smoothly (or at least run). If you are looking for a more significant way to get involved over the course of a year this is a great opportunity.

=For Speakers=
We would be thrilled if you would like to come give a talk at one of our chapter meetings. Anything security-related is a good candidate for a talk and will likely draw an interested audience. Suggestions for possible topics for future meetings:

* Integrating security into an SDLC
* HTML5 security
* Social engineering
* Application Security Tools Review & Comparisons
* Discussion starters for controversial security topics
* Your experiences trying to implement a security solution
* Security basics talks; introductions to secure coding practices

Our OWASP meetings typically draw between 40 - 75 attendees. Chapter meetings are a great place to do a dry run of talks you intend to give at conferences or just to connect with locals. Before you present, please be sure you carefully review the [[Speaker_Agreement | speaker agreement]].

= OWASP Annual Training Day =
[[OWASP Portland 2018 Training Day|2018 Training Day]]

[[OWASP Portland 2017 Training Day|2017 Training Day]]

[[OWASP Portland 2016 Training Day|2016 Training Day]]

=Presentations=
<big>'''2019'''</big>

'''January'''

Docker Exploits with Josh Farwell

[https://github.com/sparklespdx/conference-talks/blob/master/OWASP_PDX_2019-01-09/slides.pdf Slides]

'''February'''

Building a Security Program with Kendra Ash

[https://github.com/kendraash/talks/blob/master/SecurityProgramTalk%20-%20Kendra%20Ash.pdf Slides]

'''March'''

Breaching the Cyber-Security Job Industry with Ryan Krause

[https://github.com/ryankrause/talks/blob/master/Breaching%20the%20Cyber%20Security%20Job%20Industry.pdf Slides]

'''April'''

OWASP Top Ten For JavaScript Developers with Lewis Ardern

=Contact=

Your current Portland Chapter Board:

*Ian Melven - 2019 Chapter Chair (ian.melven@owasp.org)
*Bhushan Gupta - 2019 Vice Chair (bhushan.gupta@owasp.org)
*Benny Zhao - 2019 Treasurer (benny.zhao@owasp.org)
*David Quisenberry - Community Outreach (david.quisenberry@owasp.org)

Thank you to the rest of our leadership team, volunteers and organizers!

*Sonny Nallamilli - 2018 Treasurer
*Brian Ventura
*Philip Jenkins
*James Bohem
*Adam Russell (adam.russell@owasp.org)
*Matthew Lapworth
*Katie Feucht
*Timothy D. Morgan - Founder (tim.morgan@owasp.org)
*AJ Dexter - Founder (aj.dexter@gmail.com - now retired)

__NOTOC__

<headertabs />

= Chapter Supporters =
Besides being funded through individual contributions and chapter memberships, our chapter is also supported through corporate sponsors. We would like to thank our sponsors for making many excellent activities possible:

== 2019 ==
=== Champion Supporters ===
[[File:simple-logo.png|x100px|link=https://simple.com/]]             
[[File:Newrelic-logo.png|x100px|frameless|link=https://newrelic.com/]]

[[File:Vacasa Logo .png|frameless|375x375px]]

[[OWASP Portland Sponsorship Archive|Past Chapter Supporters]]

<big>Want to become a chapter supporter? See the [[OWASP Portland Sponsorship Policy]] for more information.</big>

== Donate ==
OWASP is non-profit, volunteer-managed organization. All chapters are organized by volunteers. By donating to your local chapter or becoming an OWASP member, you help support a variety of activities and events including chapter meetings, competitions, and training. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.

Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/memberappregion]]

[[Category:Oregon]]
[[Category:OWASP Chapter]]

OWASP Portland 2019 Training Day

2019-02-07T22:56:34Z

Imelven:

For the fourth year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for the local Portland security community to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with other local infosec and appsec enthusiasts and meet those who share your interests.

The 4th annual OWASP Portland 2019 Training Day date will be '''announced soon!''' See [[#Details|Details]] for more info.

General registration date will be announced soon.

Want to get news and information on our 2018 Training Day? Subscribe to the [https://lists.owasp.org/listinfo/owasp-portland] Portland OWASP mailing list or follow [https://twitter.com/portlandowasp @PortlandOWASP] on Twitter!

=Courses=
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, one afternoon course, or one of each.

== Morning Session 8:30 AM - Noon ==

=== Classes are TBD ===

=Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2019 sponsorship information or contact us via the mailing list or Twitter!'''

== A huge thank you to our 2018 sponsors! ==

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]              
[[File:summit.png|link=http://summitinfosec.com/]]              
[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]              
[[File:ForgeRock logo.png|link=https://www.forgerock.com/]]              
[[File:Security Innovation logo.png|link=https://www.securityinnovation.com/]]

=== Morning Coffee Sponsors ===

[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              

=Details=
OWASP Portland 2019 Training Day will be Fall 2019.

This year for the 2nd time, we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204.

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St
Portland, OR 97204

===Schedule===
Schedule TBD!

Interested in teaching a training at Training Day 2019? Contact Portland OWASP via the mailing list or Twitter!

=== Lunch Ideas ===

Here are some lunch ideas:
* Farmhouse Cafe, 101 SW Main St.
* The Good Earth Cafe, 1136 SW 3rd Ave.
* Chipotle Mexican Grill, 240 SW Yamhill St.
* Luc Lac Vietnamese Kitchen, 835 SW 2nd Ave.
* Rock Bottom Restaurant & Brewery, 206 SW Morrison St.
* Buffalo Wild Wings, 327 SW Morrison St.
* Cafe Yumm, 301 SW Morrison St.
* Killer Burger, 510 SW 3rd Ave.
* House of Ramen, 223 SW Columbia St.
* There are some food carts north of the World Trade Center on SW 3rd Ave. and SW Stark St.

=How to Register=

Registration will again be via EventBrite

Thank you to the OWASP Foundation and the many sponsors, trainers, volunteers and trainers that have helped make Training Day a success and allow us to continue!

OWASP Portland 2019 Training Day

2019-02-07T22:56:09Z

Imelven: 2019 training day page

For the fourth year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for the local Portland security community to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with other local infosec and appsec enthusiasts and meet those who share your interests.

The 4th annual OWASP Portland 2019 Training Day date will be '''announced soon!''' See [[#Details|Details]] for more info.

General registration date will be announced soon.

Want to get news and information on our 2018 Training Day? Subscribe to the [https://lists.owasp.org/listinfo/owasp-portland] Portland OWASP mailing list or follow [https://twitter.com/portlandowasp @PortlandOWASP] on Twitter!

=Courses=
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, one afternoon course, or one of each.

== Morning Session 8:30 AM - Noon ==

=== Classes are TBD ===

=Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2019 sponsorship information or contact us via the mailing list or Twitter!'''

== A huge thank you to our 2018 sponsors! ==

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]              
[[File:summit.png|link=http://summitinfosec.com/]]              
[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]              
[[File:ForgeRock logo.png|link=https://www.forgerock.com/]]              
[[File:Security Innovation logo.png|link=https://www.securityinnovation.com/]]

=== Morning Coffee Sponsors ===

[[File:OCI Logo.png|link=https://cloud.oracle.com/en_US/iaas]]

=== General Sponsors ===

[[File:simple.png|link=https://simple.com/]]              
[[File:PNSQC 2018 125x125.jpg|link=https://www.pnsqc.org/]]

=Details=
OWASP Portland 2019 Training Day will be Fall 2019.

This year for the 2nd time, we'll be located at:

World Trade Center Portland
121 SW Salmon St.
Portland, OR 97204.

Later in the evening, a social mixer will also be held at Rock Bottom Restaurant & Brewery, just a short walk away:

206 SW Morrison St
Portland, OR 97204

===Schedule===
Schedule TBD!

Interested in teaching a training at Training Day 2019? Contact Portland OWASP via the mailing list or Twitter!

=== Lunch Ideas ===

Here are some lunch ideas:
* Farmhouse Cafe, 101 SW Main St.
* The Good Earth Cafe, 1136 SW 3rd Ave.
* Chipotle Mexican Grill, 240 SW Yamhill St.
* Luc Lac Vietnamese Kitchen, 835 SW 2nd Ave.
* Rock Bottom Restaurant & Brewery, 206 SW Morrison St.
* Buffalo Wild Wings, 327 SW Morrison St.
* Cafe Yumm, 301 SW Morrison St.
* Killer Burger, 510 SW 3rd Ave.
* House of Ramen, 223 SW Columbia St.
* There are some food carts north of the World Trade Center on SW 3rd Ave. and SW Stark St.

=How to Register=

Registration will again be via EventBrite

Thank you to the OWASP Foundation and the many sponsors, trainers, volunteers and trainers that have helped make Training Day a success and allow us to continue!

OWASP Portland 2018 Training Day

2018-08-09T23:17:27Z

Imelven:

For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.

Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!

=Courses=
Courses will be held in two tracks: four in the morning session, and four in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.

More information coming soon!

=Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2018 sponsorship information!'''

=== Mixer Sponsors===

Coming soon!

=== Training Session Sponsors ===

Coming soon!
=== General Sponsors ===

Coming soon!

=Details=
OWASP Portland 2018 Training Day will be October 3, 2018. This year we'll be located at the World Trade Center Portland, 121 SW Salmon St, Portland, OR 97204.

===Schedule===
Schedule TBD!

=== Lunch Ideas ===

Lunch ideas for 2018 coming soon!

=How to Register=
Registration information and dates coming soon!

OWASP Portland 2018 Training Day

2018-02-05T20:01:04Z

Imelven:

For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.

Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!

=Courses=
Courses will be held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.

More information coming soon!

=Sponsors=

'''Interested in becoming a sponsor? Watch this space for 2018 sponsorship information!'''

Thank you very much to our 2017 sponsors!

The following sponsors made our 2017 event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
Date and location coming very soon!

===Schedule===
Schedule TBD!

=== Lunch Ideas ===

Lunch ideas for 2018 coming soon!

=How to Register=
Registration information and dates coming soon!

OWASP Portland 2018 Training Day

2018-02-05T20:00:16Z

Imelven: Created page with "For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for those interested to rec..."

For the third year in a row, the Portland OWASP chapter is proud to host our information security training day! This is be an excellent opportunity for those interested to receive top quality information security and application security training for prices far lower than normally offered. It's also a great chance to network with the local infosec community and meet those who share your interests.

Want to get news and information on our 2018 Training Day? Subscribe to the Portland OWASP mailing list or follow @PortlandOWASP on Twitter!

=Courses=
Courses will be held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each.

More information

=Sponsors=

'''Interested in becoming a sponsor?"" Watch this space for 2018 sponsorship information.

Thank you very much to our 2017 sponsors!

The following sponsors made our 2017 event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
Date and location coming very soon!

===Schedule===
Schedule TBD!

=== Lunch Ideas ===

Lunch ideas for 2018 coming soon!

=How to Register=
Registration information and dates coming soon!

OWASP Portland 2017 Training Day

2017-09-25T16:57:54Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===

==== Sponsored by New Relic ====
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===

==== Sponsored by Online Business Systems ====
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201
[[File:OWASP Training map.png|none|thumb]]

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
Registration is via EventBrite : https://www.eventbrite.com/e/portland-owasp-training-day-2017-tickets-37297273148?aff=es2

File:OWASP Training map.png

2017-09-25T16:57:11Z

Imelven:

Map

OWASP Portland 2017 Training Day

2017-09-21T15:33:29Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===

==== Sponsored by New Relic ====
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===

==== Sponsored by Online Business Systems ====
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
Registration is via EventBrite : https://www.eventbrite.com/e/portland-owasp-training-day-2017-tickets-37297273148?aff=es2

OWASP Portland 2017 Training Day

2017-09-20T15:20:51Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===

==== Sponsored by New Relic ====
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
Registration is via EventBrite : https://www.eventbrite.com/e/portland-owasp-training-day-2017-tickets-37297273148?aff=es2

OWASP Portland 2017 Training Day

2017-09-08T01:03:49Z

Imelven: /* Courses */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===

==== Sponsored by New Relic ====
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-08T00:59:28Z

Imelven: /* Sponsors */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===

[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===

[[File:newrelic.png|link=https://newrelic.com/]]   

           

===== [https://www.obsglobal.com/ Online Business Systems] =====

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-08T00:57:42Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''Interested in becoming a sponsor? Please contact: ian ''DOT'' melven ''AT'' owasp.org'''

The following sponsors have made this event possible:

=== Mixer Sponsors===
[[File:github.png|link=https://github.com/]]

=== Training Session Sponsors ===
[[File:newrelic.png|link=https://newrelic.com/]]              
Online Business Systems https://www.obsglobal.com/

=== General Sponsors ===

[[File:summit.png|link=http://summitinfosec.com/]]

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-08T00:48:54Z

Imelven: /* Courses */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. '''The cost per course is $25.''' The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''COMING SOON !''' We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-06T17:41:50Z

Imelven: /* Schedule */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''COMING SOON !''' We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |5:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-06T17:39:22Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

'''COMING SOON !''' We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |6:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-06T17:19:58Z

Imelven: /* Schedule */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room SMSU 328: Cyber Security
Framework
|Room SMSU 329: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room SMSU 327: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room SMSU 328: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room SMSU 329: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |6:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration is via EventBrite : https://www.eventbrite.com/myevent?eid=37297273148'''

'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-06T17:17:48Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan''

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper''

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill''

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov''

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick''

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg''

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room TBD: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room TBD: Cyber Security
Framework
|Room TBD: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room TBD: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room TBD: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room TBD: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |6:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration is via EventBrite : https://www.eventbrite.com/myevent?eid=37297273148'''

'''Registration will open soon - please follow @PortlandOWASP on Twitter for updates!'''

OWASP Portland 2017 Training Day

2017-09-01T16:15:31Z

Imelven: /* Schedule */

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan'' 
''Assistant: TBD'' 

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper'' 
''Assistant: TBD'' 

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill'' 
''Assistant: TBD'' 

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov'' 
''Assistant: TBD'' 

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick'' 
''Assistant: TBD'' 

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg'' 
''Assistant: TBD'' 

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
!
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="3" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room TBD: Client-side Security for Modern Web Applications
(SOP, XSS, CSRF, CSP, etc)
| style="padding: 0.5em;" |Room TBD: Cyber Security
Framework
|Room TBD: Securing Your AWS Environment
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="3" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room TBD: Burp and ZAP: Introduction into web intercept/scanning tools
| style="padding: 0.5em;" |Room TBD: Applied Physical Attacks on Embedded Systems, Introductory Version
|Room TBD: Cyber First-Aid: Introduction to Incident Response
|-
| style="padding: 0.5em;" |6:00 PM - 7:30 PM
| colspan="3" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration information is coming soon! Follow @PortlandOWASP on Twitter for updates! '''

OWASP Portland 2017 Training Day

2017-09-01T16:10:15Z

Imelven:

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan'' 
''Assistant: TBD'' 

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
''Instructor: James Trumper'' 
''Assistant: TBD'' 

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
''Instructor: Derek Hill'' 
''Assistant: TBD'' 

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
''Instructor: Alexei Kojenov'' 
''Assistant: TBD'' 

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
''Instructor: Joe Fitzpatrick'' 
''Assistant: TBD'' 

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

''Instructor: Kris Rosenberg'' 
''Assistant: TBD'' 

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2" |Activity
|-
| style="padding: 0.5em;" |8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;" |Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;" |9:00 AM - 12:00 PM
| style="padding: 0.5em;" |Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;" |Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;" |12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;" | Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;" |1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;" | Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;" |1:30 PM - 5:00 PM
| style="padding: 0.5em;" |Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;" |Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;" |6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;" | Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration information is coming soon! Follow @PortlandOWASP on Twitter for updates! '''

OWASP Portland 2017 Training Day

2017-09-01T16:08:58Z

Imelven: Created page with "Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality..."

Once again this year the Portland OWASP chapter is hosting an information security training day! This will be an excellent opportunity for those interested to receive quality information security and application security training for next to nothing. It's also a great chance to network with the local infosec community and meet those who share your interests.

=Courses=
Courses are held in two tracks: three in the morning session, and three in the afternoon session. Each participant can register for one morning course, or one afternoon course, or one of each. The six courses offered are as follows:

== Morning Session 8:30 AM - Noon ==

=== Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc) ===
''Instructor: Timothy Morgan'' 
''Assistant: TBD'' 

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

=== Cyber Security Framework ===
"Instructor: James Trumper" 
''Assistant: TBD'' 

Abstract: Are you looking for a place to start addressing your information security posture, how to understand current maturity and plan future enhancements and budget? Have you been tasked with complying or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

=== Securing Your AWS Environment ===
"Instructor: Derek Hill" 
''Assistant: TBD'' 

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Thing are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.

== Afternoon Session: 1:30 PM - 5:00 PM ==

=== Burp and ZAP: Introduction into web intercept/scanning tools ===
"Instructor: Alexei Kojenov" 
''Assistant: TBD'' 

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with intentionally vulnerable web application for practice).

=== Applied Physical Attacks on Embedded Systems, Introductory Version ===
"Instructor: Joe Fitzpatrick" 
''Assistant: TBD'' 

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

=== Cyber First-Aid: Introduction to Incident Response ===

"Instructor: Kris Rosenberg" 
''Assistant: TBD'' 

Abstract: In today’s world It is not a question of “if” you will get hacked, but “when”. More importantly. what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.

=Sponsors=

We are finalizing our sponsors for this year's training day. It's not too late to sponsor! If interested, please contact ian DOT melven@owasp DOT org

=Details=
The training day will be held on Wednesday, October 4 at:

PSU - Smith Memorial Student Union Building
1825 SW Broadway
Portland, OR 97201

Later in the evening, a social mixer will also be held at Rogue Hall, just a short walk away:

1717 Southwest Park Ave.
Portland, OR 97201

===Schedule===
{| class="wikitable"
! |Time
! colspan="2"|Activity
|-
| style="padding: 0.5em;"|8:00 AM - 9:00 AM
| colspan="2" style="padding: 0.5em;"|Morning Registration (Near Room 298)
|-
| style="padding: 0.5em;"|9:00 AM - 12:00 PM
| style="padding: 0.5em;"|Room 298: Cyber Hygiene - Critical Security Controls
| style="padding: 0.5em;"|Room 333: Introduction to Injection Vulnerabilities
|-
| style="padding: 0.5em;"|12:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Lunch on your own - ''Meet a new friend and grab a bite!''
|-
| style="padding: 0.5em;"|1:00 PM - 1:30 PM
| colspan="2" style="padding: 0.5em;"| Afternoon Registration (for those attending only in the afternoon)
|-
| style="padding: 0.5em;"|1:30 PM - 5:00 PM
| style="padding: 0.5em;"|Room 298: Applied Physical Attacks on Embedded Systems
| style="padding: 0.5em;"|Room 333: Communications Security in Modern Software
|-
| style="padding: 0.5em;"|6:00 PM - 7:30 PM
| colspan="2" style="padding: 0.5em;"| Evening Mixer @ Rogue Hall
|}

=== Lunch Ideas ===

There are a '''large''' number of restaurants nearby, but in case you're having trouble deciding (or your phone battery died), here are some possibilities:

* Baan-Thai Restaurant, 1924 SW Broadway
* Hotlips Pizza, 1909 SW 6th Ave
* Laughing Planet Cafe, 1720 SW 4th Ave
* Love Belizean, 1503 SW Broadway
* McMenamins Market Street Pub, 1526 SW 10th Ave
* There is also a block of food carts on SW 4th Ave between Hall St & College St.

=How to Register=
'''Registration information is coming soon! Follow @PortlandOWASP on Twitter for updates! '''