OWASP - User contributions [en]

User talk:Joshuaq

2010-08-16T05:49:29Z

Joshuaq: Created page with '"Security Event and Incident Management" Panel Session - 17 August 2010'

"Security Event and Incident Management" Panel Session - 17 August 2010

Perth Australia

2010-08-16T04:37:53Z

Joshuaq: /* Upcoming OWASP Events */

{{Chapter Template|chaptername=Perth, Western Australia|extra=The chapter leaders are:
* [http://www.owasp.org/index.php/User:Xntrik Christian Frichot]
* [mailto:joshua@qwek.com Joshua Qwek]
* Timothy Bessant
* [mailto:david.taylor@bankwest.com.au David Taylor]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Perth|emailarchives=http://lists.owasp.org/pipermail/owasp-Perth}}

<paypal>Perth Australia</paypal>

== Upcoming OWASP Events ==

17 Aug 2010 Topic: "Security Event and Incident Management" Panel Session

Joshua Qwek, one of Perth's OWASP chapter lead, will be one of the panellist in the above event organised by AISA (www.aisa.org.au).

When: 5:15pm
Where: L7 Training
Level 14, 256 Adelaide Tce (Septimus Row Square, cnr of Victoria Ave)
Perth WA 6000

Below is a brief summary from AISA's event page:

Log management is a necessary task in Security Management, but is often neglected. There are various pressures being placed on businesses, such as audit and compliance, industry standards (eg PCI, APRA), internal security maturity which have allowed organisations to understand the benefits to be gained from undertaking a SEIM project.

There are many options for organisations looking to develop log management and security incident response processes, which range from open source syslog solutions, through to vendor supplied SEIM products and cloud based monitoring solutions.

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.

Our MC: Steve Schupp - AISA Perth Branch Executive

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.

For more event information, please refer to AISA's website.

== Previous OWASP Meetings ==

=== How mature is your software security process? (Perth AISA May 2010) ===

==== [http://www.aisa.org.au/index.php?page=287 AISA Details] ====

As the security industry continues to change its focus to application
security a lot of companies who rely on software, developed either
internally or externally, are wondering what they can do reduce the risk
of security flaws.

Microsoft's Security Development Lifecycle (SDL) model can look
appealing, however without a clear understanding of what your software
security processes look like, it may be difficult to achieve any real
improvements.

Implementing a holistic end-to-end software security process can often
look like an impossible task, and while the end picture resembles Eden,
it's often the first steps that everyone stumbles on. As the saying goes
"You can't manage what you can't measure", and without a clear
understanding of what your software security processes look like now it's
unlikely that you can achieve any real improvements.

OWASP's Open Software Assurance Maturity Model, or OpenSAMM, aims
to assist organisations, both big and small, in evaluating their existing
software security practices and constructing a measurable, balanced
program to increase their software security.

Wondering how this can help your internal development processes? Want
to have a more rigid process to audit your externally developed software
processes? Then perhaps OWASP's OpenSAMM project can assist.

This meeting will be co-hosted by both the local AISA chapter and the Perth OWASP chapter.

=== Perth OWASP - Perth AISA Technical Day (Dec 2009) ===

==== [http://www.owasp.org/index.php/File:AISA_Perth_TSD_2009_Brochure_-Final.pdf Brochure] ====

The local OWASP boys will be whipping out their flux capacitor to fit as much information as they possibly can into a 2 hour jam-packed session on web app security testing. By providing a flyby of the OWASP Testing Guide, David and Christian aim to demonstrate and explain how to detect security vulnerabilities in your own web applications, including: Cross Site Scripting; Injection Flaws; Cross Site Request Forgery and Session Management Flaws.

Demonstrations will utilise a number of open source and freely available tools, including OWASP's own WebScarab. To provide a yoga-like flexibility to the session all materials and testing environments (an Ubuntu wrapped VMware virtual machine) will be provided to attendees, allowing you to either chase us rapidly down the rabbit hole of the OWASP Top 10, or to take your own time after the session...

The perfect way to spend a lazy Sunday afternoon.

=== Web-based Malware (Sep 2009) ===

==== About the presenter ====
Shlomi Cohen joined IBM with the Watchfire acquisition at August 2007.
Over nine years of experience in web application security in both start-ups and established companies. Emphasis in strategic selling, sales consulting, technical sales and management.
* Leading the Security solution on the WW Rational Tiger sales team
* Work with the customers and the local sales team to form the right security solution
* Development of sale process for multiple products
* Working closely with customers and the product management team in driving the products roadmaps
* Assisting IBM’s growth in acquisition portfolio

Previous to the WW Rational Security Solution leader:
* Managing the technical sales team for Watchfire in the Americas group of IBM
* Watchfire Security Research team manager - A team responsible for various web application security aspects including web application vulnerability research, security product rule updates, enhanced security feature definition, security audits, customer support, marketing and sales assistance
* AppShield Development Manager - Managed the development and QA teams for the AppShield product - a client Server Web Application Firewall

=== Threat Modelling in the Software Development Lifecycle (Feb 2009) ===

One of the most important concepts being promoted in the security industry is security in the software development lifecycle. This concept is important due to two primary factors:
* It is generally recognised that by shifting security activities closer towards the requirements gathering stage, or the design stage, that less vulnerabilities will make their way into the production systems.
* It is also recognised that the cost of mitigating vulnerabilities increases later in the lifecycle.
By walking through a case study I hope to demonstrate the effectiveness of addressing risk during the earlier stage of the software development lifecycle, and that these activities are not solely the responsibility of the "security guy", but all participants in a software project including the project manager, business stakeholders and software designer.
==== About the presenter ====
Christian Frichot is currently employed by Bankwest working within the Security Consulting Services team. His core responsibilities include phishing and online fraud response, security assessments, information risk assessments and other ad-hoc information security consulting. Christian hopes to spend more time in '09 focusing on education and application security, where he feels more effort needs to be applied.

-Updated 18/11/09 by [mailto:xntrik@gmail.com Christian Frichot]

[[Category:OWASP Chapter]]
[[Category:Australia]]

Perth Australia

2010-08-16T04:14:13Z

Joshuaq: /* Upcoming OWASP Events */

{{Chapter Template|chaptername=Perth, Western Australia|extra=The chapter leaders are:
* [http://www.owasp.org/index.php/User:Xntrik Christian Frichot]
* [mailto:joshua@qwek.com Joshua Qwek]
* Timothy Bessant
* [mailto:david.taylor@bankwest.com.au David Taylor]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Perth|emailarchives=http://lists.owasp.org/pipermail/owasp-Perth}}

<paypal>Perth Australia</paypal>

== Upcoming OWASP Events ==

17 Aug 2010 Topic: "Security Event and Incident Management" Panel Session

Joshua Qwek, one of Perth's OWASP chapter lead, will be one of the panelistin the above event organised by AISA (www.aisa.org.au).

When: 5:15pm
Where: L7 Training
Level 14, 256 Adelaide Tce (Septimus Row Square, cnr of Victoria Ave)
Perth WA 6000

Below is a brief summary from AISA's event page:
''
Log management is a necessary task in Security Management, but is often neglected. There are various pressures being placed on businesses, such as audit and compliance, industry standards (eg PCI, APRA), internal security maturity which have allowed organisations to understand the benefits to be gained from undertaking a SEIM project.

There are many options for organisations looking to develop log management and security incident response processes, which range from open source syslog solutions, through to vendor supplied SEIM products and cloud based monitoring solutions.

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.

Our MC: Steve Schupp - AISA Perth Branch Executive

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.
''

For more event information, please refer to AISA's website.

== Previous OWASP Meetings ==

=== How mature is your software security process? (Perth AISA May 2010) ===

==== [http://www.aisa.org.au/index.php?page=287 AISA Details] ====

As the security industry continues to change its focus to application
security a lot of companies who rely on software, developed either
internally or externally, are wondering what they can do reduce the risk
of security flaws.

Microsoft's Security Development Lifecycle (SDL) model can look
appealing, however without a clear understanding of what your software
security processes look like, it may be difficult to achieve any real
improvements.

Implementing a holistic end-to-end software security process can often
look like an impossible task, and while the end picture resembles Eden,
it's often the first steps that everyone stumbles on. As the saying goes
"You can't manage what you can't measure", and without a clear
understanding of what your software security processes look like now it's
unlikely that you can achieve any real improvements.

OWASP's Open Software Assurance Maturity Model, or OpenSAMM, aims
to assist organisations, both big and small, in evaluating their existing
software security practices and constructing a measurable, balanced
program to increase their software security.

Wondering how this can help your internal development processes? Want
to have a more rigid process to audit your externally developed software
processes? Then perhaps OWASP's OpenSAMM project can assist.

This meeting will be co-hosted by both the local AISA chapter and the Perth OWASP chapter.

=== Perth OWASP - Perth AISA Technical Day (Dec 2009) ===

==== [http://www.owasp.org/index.php/File:AISA_Perth_TSD_2009_Brochure_-Final.pdf Brochure] ====

The local OWASP boys will be whipping out their flux capacitor to fit as much information as they possibly can into a 2 hour jam-packed session on web app security testing. By providing a flyby of the OWASP Testing Guide, David and Christian aim to demonstrate and explain how to detect security vulnerabilities in your own web applications, including: Cross Site Scripting; Injection Flaws; Cross Site Request Forgery and Session Management Flaws.

Demonstrations will utilise a number of open source and freely available tools, including OWASP's own WebScarab. To provide a yoga-like flexibility to the session all materials and testing environments (an Ubuntu wrapped VMware virtual machine) will be provided to attendees, allowing you to either chase us rapidly down the rabbit hole of the OWASP Top 10, or to take your own time after the session...

The perfect way to spend a lazy Sunday afternoon.

=== Web-based Malware (Sep 2009) ===

==== About the presenter ====
Shlomi Cohen joined IBM with the Watchfire acquisition at August 2007.
Over nine years of experience in web application security in both start-ups and established companies. Emphasis in strategic selling, sales consulting, technical sales and management.
* Leading the Security solution on the WW Rational Tiger sales team
* Work with the customers and the local sales team to form the right security solution
* Development of sale process for multiple products
* Working closely with customers and the product management team in driving the products roadmaps
* Assisting IBM’s growth in acquisition portfolio

Previous to the WW Rational Security Solution leader:
* Managing the technical sales team for Watchfire in the Americas group of IBM
* Watchfire Security Research team manager - A team responsible for various web application security aspects including web application vulnerability research, security product rule updates, enhanced security feature definition, security audits, customer support, marketing and sales assistance
* AppShield Development Manager - Managed the development and QA teams for the AppShield product - a client Server Web Application Firewall

=== Threat Modelling in the Software Development Lifecycle (Feb 2009) ===

One of the most important concepts being promoted in the security industry is security in the software development lifecycle. This concept is important due to two primary factors:
* It is generally recognised that by shifting security activities closer towards the requirements gathering stage, or the design stage, that less vulnerabilities will make their way into the production systems.
* It is also recognised that the cost of mitigating vulnerabilities increases later in the lifecycle.
By walking through a case study I hope to demonstrate the effectiveness of addressing risk during the earlier stage of the software development lifecycle, and that these activities are not solely the responsibility of the "security guy", but all participants in a software project including the project manager, business stakeholders and software designer.
==== About the presenter ====
Christian Frichot is currently employed by Bankwest working within the Security Consulting Services team. His core responsibilities include phishing and online fraud response, security assessments, information risk assessments and other ad-hoc information security consulting. Christian hopes to spend more time in '09 focusing on education and application security, where he feels more effort needs to be applied.

-Updated 18/11/09 by [mailto:xntrik@gmail.com Christian Frichot]

[[Category:OWASP Chapter]]
[[Category:Australia]]

Perth Australia

2010-08-16T04:12:43Z

Joshuaq: /* Upcoming OWASP Events */

{{Chapter Template|chaptername=Perth, Western Australia|extra=The chapter leaders are:
* [http://www.owasp.org/index.php/User:Xntrik Christian Frichot]
* [mailto:joshua@qwek.com Joshua Qwek]
* Timothy Bessant
* [mailto:david.taylor@bankwest.com.au David Taylor]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Perth|emailarchives=http://lists.owasp.org/pipermail/owasp-Perth}}

<paypal>Perth Australia</paypal>

== Upcoming OWASP Events ==

17 Aug 2010 Topic: "Security Event and Incident Management" Panel Session
Joshua Qwek, one of Perth's OWASP chapter lead, will be one of the panelistin the above event organised by AISA (www.aisa.org.au). Below is a brief summary from AISA's event page:
''
Log management is a necessary task in Security Management, but is often neglected. There are various pressures being placed on businesses, such as audit and compliance, industry standards (eg PCI, APRA), internal security maturity which have allowed organisations to understand the benefits to be gained from undertaking a SEIM project.

There are many options for organisations looking to develop log management and security incident response processes, which range from open source syslog solutions, through to vendor supplied SEIM products and cloud based monitoring solutions.

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.

Our MC: Steve Schupp - AISA Perth Branch Executive

A panel selected from a variety of industries including representation from security consulting, corporate and vendor will discuss the considerations, options and benefits of employing SEIM technology and processes.
''

For more event information, please refer to AISA's website.

== Previous OWASP Meetings ==

=== How mature is your software security process? (Perth AISA May 2010) ===

==== [http://www.aisa.org.au/index.php?page=287 AISA Details] ====

As the security industry continues to change its focus to application
security a lot of companies who rely on software, developed either
internally or externally, are wondering what they can do reduce the risk
of security flaws.

Microsoft's Security Development Lifecycle (SDL) model can look
appealing, however without a clear understanding of what your software
security processes look like, it may be difficult to achieve any real
improvements.

Implementing a holistic end-to-end software security process can often
look like an impossible task, and while the end picture resembles Eden,
it's often the first steps that everyone stumbles on. As the saying goes
"You can't manage what you can't measure", and without a clear
understanding of what your software security processes look like now it's
unlikely that you can achieve any real improvements.

OWASP's Open Software Assurance Maturity Model, or OpenSAMM, aims
to assist organisations, both big and small, in evaluating their existing
software security practices and constructing a measurable, balanced
program to increase their software security.

Wondering how this can help your internal development processes? Want
to have a more rigid process to audit your externally developed software
processes? Then perhaps OWASP's OpenSAMM project can assist.

This meeting will be co-hosted by both the local AISA chapter and the Perth OWASP chapter.

=== Perth OWASP - Perth AISA Technical Day (Dec 2009) ===

==== [http://www.owasp.org/index.php/File:AISA_Perth_TSD_2009_Brochure_-Final.pdf Brochure] ====

The local OWASP boys will be whipping out their flux capacitor to fit as much information as they possibly can into a 2 hour jam-packed session on web app security testing. By providing a flyby of the OWASP Testing Guide, David and Christian aim to demonstrate and explain how to detect security vulnerabilities in your own web applications, including: Cross Site Scripting; Injection Flaws; Cross Site Request Forgery and Session Management Flaws.

Demonstrations will utilise a number of open source and freely available tools, including OWASP's own WebScarab. To provide a yoga-like flexibility to the session all materials and testing environments (an Ubuntu wrapped VMware virtual machine) will be provided to attendees, allowing you to either chase us rapidly down the rabbit hole of the OWASP Top 10, or to take your own time after the session...

The perfect way to spend a lazy Sunday afternoon.

=== Web-based Malware (Sep 2009) ===

==== About the presenter ====
Shlomi Cohen joined IBM with the Watchfire acquisition at August 2007.
Over nine years of experience in web application security in both start-ups and established companies. Emphasis in strategic selling, sales consulting, technical sales and management.
* Leading the Security solution on the WW Rational Tiger sales team
* Work with the customers and the local sales team to form the right security solution
* Development of sale process for multiple products
* Working closely with customers and the product management team in driving the products roadmaps
* Assisting IBM’s growth in acquisition portfolio

Previous to the WW Rational Security Solution leader:
* Managing the technical sales team for Watchfire in the Americas group of IBM
* Watchfire Security Research team manager - A team responsible for various web application security aspects including web application vulnerability research, security product rule updates, enhanced security feature definition, security audits, customer support, marketing and sales assistance
* AppShield Development Manager - Managed the development and QA teams for the AppShield product - a client Server Web Application Firewall

=== Threat Modelling in the Software Development Lifecycle (Feb 2009) ===

One of the most important concepts being promoted in the security industry is security in the software development lifecycle. This concept is important due to two primary factors:
* It is generally recognised that by shifting security activities closer towards the requirements gathering stage, or the design stage, that less vulnerabilities will make their way into the production systems.
* It is also recognised that the cost of mitigating vulnerabilities increases later in the lifecycle.
By walking through a case study I hope to demonstrate the effectiveness of addressing risk during the earlier stage of the software development lifecycle, and that these activities are not solely the responsibility of the "security guy", but all participants in a software project including the project manager, business stakeholders and software designer.
==== About the presenter ====
Christian Frichot is currently employed by Bankwest working within the Security Consulting Services team. His core responsibilities include phishing and online fraud response, security assessments, information risk assessments and other ad-hoc information security consulting. Christian hopes to spend more time in '09 focusing on education and application security, where he feels more effort needs to be applied.

-Updated 18/11/09 by [mailto:xntrik@gmail.com Christian Frichot]

[[Category:OWASP Chapter]]
[[Category:Australia]]

Perth Australia

2009-01-08T15:00:18Z

Joshuaq:

{{Chapter Template|chaptername=Perth, Western Australia|extra=The chapter leader is [mailto:joshua@qwek.com Joshua Qwek]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Perth|emailarchives=http://lists.owasp.org/pipermail/owasp-Perth}}

<paypal>Perth Australia</paypal>

== Local News ==

'''Meeting Location'''

Everyone is welcome to join us at our chapter meetings.
Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions, send an email to us.

The location of the meeting is tentatively located at:
Grind Cafe, Trinity Arcade in the City.

Joshua 11 Oct 2008
[[Category:OWASP Chapter]]

Perth Australia

2008-10-11T13:19:10Z

Joshuaq: /* Local News */

{{Chapter Template|chaptername=Perth, Western Australia|extra=The chapter leader is [mailto:joshua.Qwek@stratsec.net Joshua Qwek]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Perth|emailarchives=http://lists.owasp.org/pipermail/owasp-Perth}}

<paypal>Perth Australia</paypal>

== Local News ==

'''Meeting Location'''

Everyone is welcome to join us at our chapter meetings.
Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions, send an email to us.

The location of the meeting is tentatively located at:
Grind Cafe, Trinity Arcade in the City.

Joshua 11 Oct 2008
[[Category:OWASP Chapter]]

Perth Australia

2008-10-11T12:53:17Z

Joshuaq: /* Local News */

Perth Australia

2008-10-11T12:47:06Z

Joshuaq: