OWASP - User contributions [en]

Tampa

2015-12-15T13:18:39Z

Jmorehouse: /* Presentation Archives */

== Welcome to the OWASP Tampa Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leaders Jonathan Singer, Brian Beaudry, and Sunny Wear via the above mailing list.

The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].

Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here].

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

== Next Meeting ==
Our next meeting will be held in 2016. Subscribe to the above mailing list or LinkedIn group for more information.

== Presentations ==

TBD.

== Meeting Location ==

Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:

[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]

Cash only parking is available across the street in the Muvico parking lot.

== Presentation Archives ==

2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]

OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]

OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]

OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]

OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]

OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]

2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]

2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]

2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]

OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]

OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]

OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]

OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]

OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]

2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here]

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here]

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here]

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here]

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here]

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here]

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here]

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here]

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here]

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here]

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here]

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here]

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here]

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here]

2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here]

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here]

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here]

[[Category:OWASP_Chapter]] [[Category:Florida]]

2015-03-12T14:50:20Z

Jmorehouse: /* Next Meeting */

== Welcome to the OWASP Tampa Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader [http://scr.im/mascasa Justin Morehouse].

The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].

Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here].

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

== Next Meeting ==
Our next meeting will be held on Thursday, March 19th from 6PM to 8PM.

Our first speaker will be Jeremy “Howie” Howerton from Checkmarx. Howie will be presenting '''Warning Ahead: Security Storms are Brewing in Your JavaScript.''' His abstract and bio are below.

'''Abstract'''
JavaScript controls our lives ? we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting
language?

Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact of JavaScript vulnerability exploitation to the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their Web attack arsenal.

In this talk we explore the vulnerabilities behind JavaScript, including:
- A new class of vulnerabilities unique only to JavaScript
- Vulnerabilities in 3rd-party platforms which are exploited through JavaScript code
- HTML5 is considered the NG-JavaScript. In turn, HTML5 introduces a new set of vulnerabilities

'''Bio'''
Howie is a Senior Application Security Consultant for the award winning SAST solution provider Checkmarx (www.checkmarx.com) In his 15 year career he has worked with some of the largest organizations in the world to define and implement cutting edge security programs within a diverse set of corporate environments. In addition to his application-specific security knowledge, Howie has extensive knowledge and experience at the host, malware, and network security layers. Previous to his current responsibilities at Checkmarx Howie held similar roles with TippingPoint and FireEye. Outside of work, Howie enjoys playing with his two kids and is an avid fan of college basketball (specifically, the Kentucky Wildcats).

== Meeting Location ==

Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:

[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+206+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 206, Saint Petersburg, FL 33701]

Cash only parking is available across the street in the Muvico parking lot.

== Presentation Archives ==

OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]

OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]

OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]

OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]

OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]

2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]

2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]

2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]

OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]

OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]

OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]

OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]

OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]

2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here]

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here]

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here]

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here]

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here]

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here]

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here]

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here]

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here]

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here]

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here]

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here]

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here]

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here]

2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here]

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here]

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here]

[[Category:OWASP_Chapter]] [[Category:Florida]]

Tampa

2015-02-09T19:03:44Z

Jmorehouse: /* Next Meeting */

Tampa

2014-12-26T14:53:43Z

Jmorehouse: /* Presentation Archives */

File:InternDown4What edit.pdf

2014-12-26T14:49:18Z

Jmorehouse: Presentation given by Tony Turner at OWASP Tampa Day 2014. Most of us have a hard time finding qualified security professionals. Most junior aspiring infosec folks have a hard time proving they are qualified enough for us to hire. This is a huge gap th...

Presentation given by Tony Turner at OWASP Tampa Day 2014. Most of us have a hard time finding qualified security professionals. Most junior aspiring infosec folks have a hard time proving they are qualified enough for us to hire. This is a huge gap that many of us are struggling to fill. Internships provide a really low risk way for us to evaluate and mentor aspiring professionals. This talk will discuss how you can build an effective internship program at your employer and get involved in the local community to build an engaging pool of enthusiasts with the skills, drive and moral compass to be successful. We will also discuss what comes after the internship, and how to retain the interest of interns and help them meet their own goals. Stronger communities are infectious and breed amazing opportunities not only for organizations drawing from these talent pools but also for the next generation of professionals looking for ways to break in to the industry. Do interesting work and engage!

File:OTD 2014 - Shadow-IT-Shady-FINAL.pdf

2014-12-24T16:34:28Z

Jmorehouse: Presentation given by Joey Peloquin (Standing in for Scott VanWart) at OWASP Tampa Day 2014. Learn how to eliminate the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and...

Presentation given by Joey Peloquin (Standing in for Scott VanWart) at OWASP Tampa Day 2014. Learn how to eliminate the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.

File:OTD 2014 - OWASPTop10forMVC.pdf

2014-12-24T16:30:52Z

Jmorehouse: Presentation given by James Davis at OWASP Tampa Day 2014. Showing how MVC, .NET and IIS can solve the low hanging fruit of the OWASP Top 10.

Presentation given by James Davis at OWASP Tampa Day 2014. Showing how MVC, .NET and IIS can solve the low hanging fruit of the OWASP Top 10.

File:OTD 2014 - owasp-mobile.pdf

2014-12-24T16:29:58Z

Jmorehouse: Presentation given by Daniel Bender at OWASP Tampa Day 2014. The mobile application eco-system presents numerous challenges to organizations that seek to apply access control or authorization models to applications. These challenges include the volume...

Presentation given by Daniel Bender at OWASP Tampa Day 2014. The mobile application eco-system presents numerous challenges to organizations that seek to apply access control or authorization models to applications. These challenges include the volume of applications, the complexity of the applications, the limitations of the mobile operating system, the limitations on mobile device management solutions, and the rich interactions that mobile applications have with network based services. When presented with the overwhelming desire to do something, organizations may implement rudimentary blacklists of applications; however, as this presentation will discuss, this approach is not scalable and vastly underestimates the complexity of the mobile eco-system. This presentation will cite examples of organizations that are applying a variety of solutions to this problem and present questions that security professionals should consider when designing solutions.

File:OTD 2014 - OMF GPS.pdf

File:Do we really know the OWASP Top 10.pdf

2014-09-30T23:24:48Z

File:TheEnemyWithin.pdf

2014-03-16T14:32:30Z

Jmorehouse: The Enemy Within - Ramece Cave, Solutionary Web Server Intel Correlation (might change the name). The presentation will discuss how and why web servers play a role in intelligence gathering and threat correlation. It will go over previous hacking campa...

The Enemy Within - Ramece Cave, Solutionary Web Server Intel Correlation (might change the name). The presentation will discuss how and why web servers play a role in intelligence gathering and threat correlation. It will go over previous hacking campaigns and how data was leveraged for exploitation or exfiltration, and how compromised servers are being used.

File:Herding Cats - OWASP, Tampa 3-12-2014.pdf

2014-03-16T14:32:06Z

Jmorehouse: Herding Cats - Carl Brothers, F5 Networks Ensuring that we can provide security and availability for on premise apps and cloud based apps, that are increasingly being accessed from uncontrolled devices feels like a never ending struggle to keep the cat...

Herding Cats - Carl Brothers, F5 Networks Ensuring that we can provide security and availability for on premise apps and cloud based apps, that are increasingly being accessed from uncontrolled devices feels like a never ending struggle to keep the cats in the corral. Let’s discuss the tools and approaches we can use to ensure that security <> decreased performance, revenue or customer satisfaction.

Tampa

2014-03-02T02:19:23Z

Jmorehouse: /* Next Meeting */

== Welcome to the OWASP Tampa Local Chapter ==

Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader [http://scr.im/mascasa Justin Morehouse].

The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].

Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here].

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

== Next Meeting ==

Our next meeting will be held on Wednesday, March 12 from 6 PM to 8 PM at GuidePoint Security in Downtown Saint Petersburg. We will have two presentations. The first, from Carl Brothers of F5 Networks is entitled ''Herding Cats''. The second, from Ramece Cave of Solutionary is entitled ''The Enemy Within''. Information on both presenters and their presentations is below.

The following is an agenda for our next meeting:
<UL>
<LI>5:45 PM to 6:00 PM - Check-in
<LI>6:00 PM to 7:00 PM - Presentation
<LI>7:00 PM to 7:15 PM - Break
<LI>7:15 PM to 8:00 PM - Presentation
</UL>

'''Herding Cats - Carl Brothers, F5 Networks'''
Ensuring that we can provide security and availability for on premise apps and cloud based apps, that are increasingly being accessed from uncontrolled devices feels like a never ending struggle to keep the cats in the corral. Let’s discuss the tools and approaches we can use to ensure that security <> decreased performance, revenue or customer satisfaction.

'''Carl Brother Biography'''
Carl Brothers joined F5 as a Field Systems Engineer after many years of being an F5 customer. Carl's previous roles have ranged from operations to systems engineering at a top 30 e-tailer and a global manufacturing company. Carl has considerable experience with web-based and virtualization technologies, including Citrix, Microsoft and VMware.

'''The Enemy Within - Ramece Cave, Solutionary'''
Web Server Intel Correlation (might change the name). The presentation will discuss how and why web servers play a role in intelligence gathering and threat correlation. It will go over previous hacking campaigns and how data was leveraged for exploitation or exfiltration, and how compromised servers are being used.

'''Ramece Cave Biography'''
Began working in information security in the Internet Abuse department at UUNET in 1999. Over the past 10 years have been focusing on forensics, reverse engineering, and malware analysis; in various incident response and SOC positions. Currently work as Research Analyst at Solutionary.

== Meeting Location ==

Our next meeting will be held at the [http://www.guidepointsecurity.com GuidePoint Security] office in Downtown Saint Petersburg. The address is:

[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+206+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 206, Saint Petersburg, FL 33701]

Cash only parking is available across the street in the Muvico parking lot.

== Presentation Archives ==

OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]

OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]

OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]

OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]

OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]

2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here]

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here]

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here]

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here]

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here]

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here]

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here]

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here]

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here]

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here]

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here]

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here]

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here]

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here]

2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here]

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here]

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here]

[[Category:OWASP_Chapter]] [[Category:Florida]]

Tampa

2014-03-02T02:18:48Z

2013-11-13T14:40:12Z

Jmorehouse: /* Next Meeting */

Tampa

2013-11-13T14:38:38Z

Jmorehouse: /* Welcome to the OWASP Tampa Local Chapter */