OWASP - User contributions [en]

2017 Global Board of Directors Election

2017-10-10T15:27:19Z

Mark Major: /* Election Timeline */ Corrected a minor typo

== 2017 Global Board of Directors Election ==

 
The OWASP Foundation was established in 2001 as an open community and software security resource. Since then, OWASP has grown to be globally recognized as a credible source for application security standards (see industry citations). Individuals typically find OWASP when searching the internet for information about software security - and they are happy to find a reliable source of knowledge built by an extremely open and passionate community. OWASP is open to anyone. Anyone can attend OWASP's vendor agnostic local chapter meetings, participate in regional and global conferences, and contribute to the many OWASP projects. And anyone can start a new project, form a new chapter, or lend their expertise to help an OWASP Global Committee.

The OWASP Foundation Board of Directors currently consists of seven elected volunteers. These unpaid volunteers dedicate themselves to the organizational mission and playing a pivotal role in the software security community. OWASP conducts democratic elections of its Board Members to enable bottom-up advancement of its mission.

=== About OWASP ===
* [https://www.owasp.org/index.php/About_OWASP Learn About OWASP]
* Read the OWASP Foundation bylaws - [https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf Click Here]
* Review the Monthly Board meetings, voting history and topics - [https://www.owasp.org/index.php/OWASP_Board_Meetings Click Here]

=== '''Election Timeline'''===
# Notify the 4 current board member(s) whose term is up - May 22, 2017 
# Call for Candidates Opens - May 23, 2017 ''' '''
# Honorary Membership Self Nomination - Open year round [https://www.owasp.org/index.php/2017_Honorary_Membership '''SUBMIT HERE'''] 
# Submission for Questions From the Community for the Candidate Interviews - Opens June 9, 2017 
# Email Reminder Call For Candidates - June 9, 2017 
# Email Reminder Honorary Membership - June 9, 2017 
# Email Reminder Call For Candidates - June 19, 2017 
# Email Reminder Honorary Membership - June 19, 2017 
# Email Reminder Call for Questions from the Community - June 19, 2017 
# Email Reminder Call For Candidates - June 30, 2017 
# Email Reminder Honorary Membership - June 30, 2017 
# Email Reminder Call for Questions from the Community - June 30, 2017 
# Email Reminder Call For Candidates - July 14, 2017 
# Email Reminder Honorary Membership - July 14, 2017 
# Email Reminder Call for Questions from the Community - July 14, 2017 
# Email Reminder Call For Candidates - July 24 , 2017 
# Email Reminder Honorary Membership - July 24 , 2017 
# Email Reminder Call for Questions from the Community - July 24, 2017 
# Deadline for Call for Candidates Closes - July 31, 2017 
# Deadline for Questions from the Community - July 31, 2017 
# Verification of candidates - August 1 - August 7, 2017 
# Candidates announced - August 8, 2017 
# The 6-7 top questions from the community will be selected & shared with Candidates - August 9, 2017 
# Scheduling of group interviews - August 8, 2017 
# Group interviews will be held - August 25 - September 1, 2017 
# Deadline for interview recordings to be completed - September 1, 2017 
# Recordings posted on the election wiki page - On or before September 18, 2017 
# Email/Social Media notifying the community the recordings are posted - On or before September 18, 2017 
# Paid Membership Deadline - September 30, 2017 
# Voting opens - October 9, 2017 
# Voting closes - October 31, 2017 
# Results shared with all candidates - November 7, 2017 (EST AM) 
# Results shared via email and social media - November 7, 2017 (EST PM) 

=== '''Global Board of Directors Primary Responsibilities''' ===

The OWASP Foundation Board of Directors currently consists of seven elected volunteers who serve a [https://www.owasp.org/index.php/OWASP_Foundation_ByLaws two year term]. These unpaid volunteers dedicate themselves to the organizational mission and playing a pivotal role in the software security community. Members of the Global Board of Directors are responsible for setting the strategic direction of the organization and ensuring the financial integrity of the Foundation.

Detailed information on meeting requirements, roles and responsibilities within the board, term limits, and elections is found in the [https://www.owasp.org/index.php/OWASP_Foundation_ByLaws OWASP Foundation bylaws]. The Board of Directors Code of Conduct and details of the orientation and on-boarding process are found on our [https://www.owasp.org/index.php/Governance Governance page].

Please reach out to our [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members current Board Members] if you'd like additional information on what it's like to be a Global Board member at the OWASP Foundation.

Additional Responsibilities that the International Board of Directors must adhere to can be found [https://www.owasp.org/index.php/Governance on the Foundation Governance Page]

[https://www.owasp.org/index.php/OWASP_Board_History '''Board History''']

=== '''Eligibility Requirements for Board Candidates''' ===
You need to be an OWASP individual [https://docs.google.com/spreadsheets/d/1ixfWQ7j24lS9Teq9wPUA4-DtgxpMMT5YBJhWFd0JnoM/edit?usp=sharing member] in good standing for a twelve (12) month period of time prior to September 30, 2017. Candidates are required to create a wiki page that includes: a bio, current membership status, a brief description of why you feel you are the best candidate, and why you would like to be elected. You will be contacted on August 7, 2017 to schedule a group audio interview. If you are interesting in running for a seat on the OWASP Global Board please submit your intention along with the requirements listed above. All submissions will be reviewed and verified by OWASP. '''The Call for Candidates is now closed.'''
 

=== '''Meet the Candidates and listen to their interviews''' ===
* [[Greg Anderson 2017 Bio & Why Me?|Greg Anderson]] - [https://www.owasp.org/download/2017-board-election/Greg_Anderson.mp3 interview]
* [[Bil Corry 2017 Bio & Why Me?|Bil Corry]] - [https://www.owasp.org/download/2017-board-election/Bil_Corry.mp3 interview]
* [[Arthur Hicken 2017 Bio & Why Me?|Arthur Hicken]] - [https://www.owasp.org/download/2017-board-election/Arthur_Hicken.mp3 interview]
* [[Steve Kosten 2017 Bio & Why Me?|Steve Kosten]] - [https://www.owasp.org/download/2017-board-election/Steve_Kosten.mp3 interview]
* [[Sherif Mansour 2017 Bio & Why Me?|Sherif Mansour]] - [https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 interview]
* [[Owen Pendlebury 2017 Bio & Why Me?|Owen Pendlebury]] - [https://www.owasp.org/download/2017-board-election/Owen_Pendlebury.mp3 interview]
* [[Milton Smith 2017 Bio & Why Me?|Milton Smith]] - [https://www.owasp.org/download/2017-board-election/Milton_Smith.mp3 interview]
* [[Chenxi Wang 2017 Bio & Why Me?|Chenxi Wang]] - [https://www.owasp.org/download/2017-board-election/Chenxi_Wang.mp3 interview]

==='''Call for Questions'''===
The 2017 Global Board of Directors election will start accepting candidate submissions on June 6, 2017. If you are interested in helping lead a global community that strives on making the world a safer place, then please consider running for a seat on the OWASP Global Board of Directors.

From August 9 - September 1, 2017 all individuals who submitted a candidacy will be interviewed, and asked a series of questions about why they feel they should be elected. The questions they are asked come from you! We will take the top 6-7 questions and those will be the questions used during the candidate interviews. You may submit your own question(s) and/or give a "thumbs up" to any existing question previously submitted by your fellow community members.

'''The Call for Questions is now CLOSED.''' 

The questions below are the top 7 questions submitted and voted on by the OWASP Community. The candidates will be asked a series of these questions during their group interviews schedule for later this month.

1. How do you make sure that the board's decisions won't be influenced by any personal favors or corruption? 
2. OWASP does not have a great reputation internationally due what most people call "Politics", how do you intend to solve the "Politics" problem? 
3. How do you intend to address bullying within OWASP? If someone is a repeat offender, will you enforce rules to expel or suspend offending parties? 
4. How do you intend to empower the Compliance Committee? Currently all it has the power to do is mediate or make suggestions, it needs more than that. 
5. What accomplishments related to OWASP Foundation's mission have you demonstrated in the last (5) years? 
6. What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community? 
7. What is your strategy to keep chapters active and motivated with OWASP and keep having meetings and organize local events? 

=== '''Honorary Membership''' ===
Who is eligible for Honorary Membership?
*OWASP Chapter Leaders - The OWASP Chapter MUST be active and your leadership position MUST be on file with the OWASP Foundation 6 months prior to September 30, 2017.
*OWASP Project Leaders - The OWASP Project MUST be active and your leadership position MUST be on file with the OWASP Foundation 6 months prior to September 30, 2017.

'''**NOTE**''' If you are an OWASP leader that does not have a current paid Individual Membership or current Honorary Membership on file, but meets the requirements (see eligibility above) for Honorary Membership, then you '''MUST APPLY''' for an Honorary Membership in order to vote in this year's election. The Honorary Membership request form is available [https://www.owasp.org/index.php/2017_Honorary_Membership '''HERE''']. All submissions will be reviewed and verified by OWASP.

=== '''Who Can Vote?''' ===
OWASP paid Individual Members, paid Corporate Members and Honorary Members registered as of September 30, 2017 will have (1) vote per seat (there are 4 seats up for this election).
Please check the current [https://docs.google.com/spreadsheets/d/1WN07dNGBldvYC_RmTKKsrYdguSUghlLP5A7QfQa6G9M/edit?usp=sharing Member Directory]. If you are not a member yet, we encourage you to [http://myowasp.force.com/memberappregion '''JOIN NOW'''!]
 

=== '''How Do I Vote?''' ===
On October 9, 2017 eligible voting members will receive an email to their registered email address from owasp@simplyvoting.com with subject "BALLOT FOR OWASP 2017 Board Election"
This email will include a specific link for you to cast your vote. Please do '''NOT''' share this link with anyone. It is a specific link '''JUST FOR YOU'''!

Additionally, eligible voting members will also receive an email from the OWASP Foundation notifying them that their ballot has been sent. In the instance that they did not receive a ballot they are asked to [https://www.tfaforms.com/308703 contact us] immediately.

=== '''Have additional questions about the OWASP Membership?''' ===
*Read the Membership FAQ [https://www.owasp.org/index.php/MEMBERSHIP_FAQ CLICK HERE] 

=== '''Election FAQ''' ===
If you have a question about the current election please [http://owasp4.owasp.org/contactus.html '''CLICK HERE'''].
*'''Where can I find communication to the OWASP Community about the upcoming election?'''
** Answer: We will try to publish announcements and key milestone reminders to as many communication channels as possible, including the OWASP Blog, OWASP Connector, OWASP Leader's List and this Wiki Page. Please feel free to help us communicate the message, by re-posting, re-tweeting, or sharing with the OWASP Chapter, Project, or Initiatives you are involved with.

* '''Where can I find information on last years Board election?'''
** Answer: [[2016 Global Board of Directors Election]]

=== '''Communications''' ===
# May 22, 2017 - Notified via email the 4 current board members who's term will be complete as of December 31, 2017
# May 23, 2017 - Email sent via Master List in Vertical Response, to the Leaders list and to the Community list. Posted on [https://twitter.com/owasp/status/867113063555760128 Twitter], [https://www.linkedin.com/groups/36874/36874-6272879979424423938 LinkedIn] and [https://www.facebook.com/groups/owaspfoundation/permalink/1343770252410311/ Facebook]
# May 24, 2017 - [https://owasp.blogspot.com/2017/05/2017-owasp-global-bod-election-call-for.html OWASP Blog post]
# May 31, 2017 - Email reminder sent to Leaders list and to the Community list.
# June 9, 2017 - Email reminder sent to Leaders list and to the Community list (Call for Candidates, Honorary Membership & Call for Questions).
# June 30, 2017 - Email reminder sent to Leaders list and to the Community list (Call for Candidates, Honorary Membership & Call for Questions).

User:Mark Major

2016-08-04T04:43:07Z

Mark Major:

== Mark Major ==

{| style="width: 100%;"
|- valign="top"
| By day Mark works as a cybersecurity engineer and penetration tester for [http://www.aerstone.com Aerstone], and by night he runs the [[Boulder]] OWASP chapter. Mark is actively building an Attackerspace, an open meeting place for collaboration, outreach, training, hackathons, movies nights, and generally accessing hardware, software, and tools not easily accessed by individuals. The Attackerspace will be open to the public, including partnerships with regional schools to share OWASP resources with the next generation of web developers.

Past projects included directing [[Front_Range_OWASP_Conference_2013|SnowFROC]] and [http://2014.appsecusa.org/2014/ AppSec USA 2014]. In support of these conferences, Mark managed a [http://www.waspnestctf.com/ home-grown Capture the Flag tournament] and the Code Brew beer hacking competition.

To learn more about the Boulder Chapter or the related projects, drop by one of the [http://www.meetup.com/OWASP-Boulder/ free meetings].

To just say 'hey', drop a note to mark dot major at owasp dot org.
| style="width: 200px; |
| [[Image:BOWASP_Major.jpg|160px|alt=Mark Major|right]]
|}

WASPY Awards 2016

2016-08-04T04:35:55Z

Mark Major:

[[File:WASPY 2016 Banner.jpg]]
 
'''Web Application Security People of the Year Awards 2016'''

=='''Timeline'''==
June 7, 2016 - Call for Nominees Opens! CLOSED 
June 20, 2016 - [https://www.owasp.org/index.php/2016_Membership_Drive_April_1_-_June_20 Paid Membership] Deadline. Not sure if you are a member? [https://docs.google.com/spreadsheets/d/1iabh7RrMMRQce0cDQsv_GdQtSKz4G9ISan9svfn_6kE/edit?usp=sharing Check Here ] 
July 28, 2016 - Call for Nominees CLOSED 
July 29, 2016 - Announcement of Nominees per Category to the Community 
August 5, 2016 - Deadline for Nominee Profile Picture and Bio to be created and added to the nominees Citation 
August 10, 2016 - Voting Opens 
August 24, 2016 - Voting Closes 
August 25, 2016 - Winners are Notified 
August 25, 2016 - Announcement of Winners to the Community 
October 13/14, 2016 - Award Ceremony at AppSecUSA 2016 in Washington, DC 

=='''Purpose of the Awards'''==
Each year there are many individuals who do amazing work, dedicating countless hours to share, improve, and strengthen the OWASP mission. Some of these individuals are well known to the community while others are not.
 
 
'''The purpose of these awards is to bring recognition to those who "FLY UNDER THE RADAR". These are the individuals who are passionate about OWASP, who contribute hours of their own free time to the organization to help improve the cyber-security world, yet seem to go unrecognized.'''
 
 
Community members are able to nominate 1 individual per category (see Categories below) who they feel best fits these descriptions so that, as a community, we can recognize these people for their contributions. We are tying in the WASPY Awards to help identify and recognize individuals who demonstrate our core values and annual report theme of ''Leading - Learning - Sharing - Growing''. We value your input and consideration for nominations in the categories below.
 

=='''Categories'''==
1. '''Open/Leading''' - Everything at OWASP is radically transparent – from our finances to our code. This award goes to a member of the OWASP community who has supported the OWASP mission of transparency through their influence, management, and leadership in the community. This might be a chapter or project leader or may be someone who has worked within the community.
 

2. '''Integrity/Learning''' - OWASP is an honest and truthful, vendor neutral, global community. This award goes to an individual who recognizes the benefits of the power of the collective community within OWASP, who challenges the status quo, and generates an excitement in the learning community.
 
 
3. '''Innovation/Sharing''' - OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who has inspired and encouraged others in the arena of software security with innovative and cutting edge solutions to software security challenges.
 
 
4. '''Global/Growing''' - Around the world, OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who truly represents the OWASP Global scope and recognizes the importance of growth. The nominee reaches out beyond the OWASP circle to raise awareness of software security in locations outside of the OWASP comfort zone.
 
=='''And the Nominees Are...'''==
{| border="1" cellpadding="2"
! scope="col" align="center" width="150" | Name
! scope="col" align="center" width="800" | Category & Citation
|-
|align="center"|Tony Clarke||align="center"|'''Open/Leading Category''' Tony has been nominated 2 times for this category. '''Citation 1'''Tony has recently volunteered in the Dublin (Ireland) chapter and more recently been voted in as chapter leader. From his initial efforts, Tony has completely transformed this stagnant chapter and has already in just a few months re-organised the chapter and opened it up to the many volunteers who want to be involved. Running initiatives such as 'Women in Appsec', Tony has helped increase meeting attendances and the Dublin board now consists of nearly 20 individuals. Tony has embraced the open, transparency and inclusiveness side of owasp and is an inspiration to many. 
'''Citation 2''' I would like to Nominate Tony Clarke for this award. He has been on the OWASP board in Dublin since November 2015 and there have been massive changes within the chapter since then. Tony has transformed the Dublin Chapter and has been recently elected as Dublin Chapter Lead with a landslide victory.I have been attending OWASP events since 2012 and over the past 8 months it is visible of the impact Tony and OWASP are having within the local Dublin security security community.Previously, events were sporadic and occurred every few months. There was never an organised schedule of events. Communication of the events were also poor. With Tony on board, this has changed. Events are now at the end of each month and are organised on a scheduled basis. Communication has improved and with extra social media interaction, OWASP events are now more visible than before.At the end of May the Chapter hosted an event focusing on Women In Security. Keynote speakers such as Jane Frankland, Jacky Fox, local women involved in the security community presented at the event.Everyone left the event feeling motivated. My partner who is a science graduate attended the event with me. She left the event wanting to work in Security and has since begun the enrollment into a Security Conversion Masters in UCD. This is the sort of impact which Tony's work is having on the people of Dublin.The OWASP Dublin chapter previously had 40-50 people MAX at events. It was the same people always. There were 200+ people in attendance at the Women In Security event in May. This sort of attendee never been seen before at a local chapter meeting in Dublin.I believe that this attendance peaked because of Tony's drive to engage the security community in Dublin. Tony organised contacts in universities and large multinational organisations to send email communication to Dublin staff'students. His aim to get more women studying technology or working in technology companies engaging with the security community in Dublin. Tony is leaving no stone un-turned to make OWASP Dublin to success within the community.As a committee member of OWASP Dublin I know that Tony is now reaching out to work with local education bodies such as Smart futures (Science Foundation Ireland) Dublin Institute of Technology, ISACA and Science Gallery. He has brought a plan to our chapter and given us a goal this year to collaborate with education bodies to try sell our security industry to people in education. This is not limited to 3rd level, but also primary and secondary. Tony is leading this initiative and it would not happen without him.I found out about these awards as Tony is trying to improve the open-ness of the Dublin chapter. He is encouraging the community to post this sort of communications to the social media platforms such as facebook, twitter, linked-in.Based on above, Tony has demonstrated that he is not in this for the title or limelight but for the good of the community. He is a leader who is willing to listen and wants to delegate if any OWASP committee member are willing to take on a task. Like any good leader, if he does not have anyone available to do a task, he does it himself.OWASP Dublin Chapter has only been under the leadership of Tony Clarke for two months. We have been enjoying success since Tony first attended a board meeting in 2015. Tony is having major impact within Dublin. I encourage you to strongly consider Tony for this award as he has done great things for us here in Dublin and his leadership is going from strength to strength.
|-
|align="center"|Jeremy Long||align="center"|'''Open/Leading Category''' Jeremy wrote a tool, donated it to OWASP and in 2016 it because on of the OWASP Flagship projects. He is not noisy or gets a lot of attention, but every morning before work - Jeremy works on the OWASP Dependency Check. Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake). The tool can be part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities.
|-
|align="center"|[https://www.owasp.org/index.php/John_Patrick_Lita John Patrick Lita]||align="center"|'''Open/Leading Category''' An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program on universities, government institutions and schools on the Philippines. OWASP is not very well know in this part of the Globe and by promoting it, he is creating awareness about application security
|-
|align="center"|[https://www.owasp.org/index.php/User:Owen_Pendlebury Owen Pendlebury]||align="center"|'''Open/Leading Category''' Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include, AppSec EU 2016 Committee/ Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops.Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available to through all media.
|-
|align="center"|Kathy Thaxton||align="center"|'''Open/Leading Category''' Kathy Thaxton has been THE key leader for SnowFROC for many years. As with most regional conferences, everyone involved has a day job and nobody's got a lot of spare time to do what must be done.
Kathy has somehow found time whenever she's been asked, and has done the lion's share of the work required to organize SnowFROC.
For SnowFROC 2016 we had the usual chaotic first planning meeting where several of us gathered at a pub to see which of us would be able to commit time & to identify potential roles. Everybody left that meeting with action-items. Shortly thereafter, Kathy emailed the rest of us to inform us that she had: drafted a budget,drafted a planning schedule,identified primary & alternate venues,identified primary & competing caterers,reached out to some legendary speakers & gotten tentative commitments,reached out to several vendors & gotten tentative sponsorship commitments, and,identified a good source of volunteers for setup, event day, and tear-down. In other words, Kathy Thaxton had done most of the "heavy lifting" within days of the initial planning meeting! Like previous SnowFROC's, SnowFROC 2016 was attended by Coloradans for the most part, but as with most years we had attendees from Arizona, Utah, Wyoming, and New York. SnowFROC had about 200 attendees, with a mix of ITSec operators, QA/testers, Developers, Auditors, & Managers for all of the above. None of this would have happened without Kathy Thaxton's involvement. Her tact, initiative, cheerfulness, and exceptional organizational skills allowed the rest of the planning committee to focus on things like establishing the curriculum, including a day-long hands-on workshop. Kathy's contribution was so profound and her reputation for organizing a FUN, well-planned, LEARNING event is so great that the local Cloud Security Alliance went out of their way to request her participation on their planning committee for a regional event they're hosting later this year. I attended yesterday's Cloud Security Alliance meeting, and whereas AppSec in the Cloud has been an afterthought at most CSA meetings, it was front-and-center yesterday as the Chapter Leaders asked their members what tracks/topics they'd be most interested in for their upcoming event. That is DEFINITELY reach OUTSIDE of the OWASP community, and again would not have happened without Kathy's stellar achievements at SnowFROCs.
|-
|align="center"|[http://owasp.org/index.php/Dhiraj_Mishra Dhiraj Mishra]||align="center"|'''Open/Leading Category''' Core Team Member in [https://www.owasp.org/index.php/Category:India AppSec India 2016]
* The [http://owasp.org/index.php/Mumbai_Student_Chapter Mumbai Student Chapter] Leader making student endorse in Information Security and Spreading Idea and Awareness via Chapter Meets.
* Helping and Speaking Initiatives in [https://www.owasp.org/index.php/Mumbai OWASP Local Chapter Meet Mumbai] with chapter leader Narenda Choyal.
|-
|align="center"|Tom Brennan Honorable Mention||align="center"|Tom was nominated for the '''Open/Leading Category'''. Per the WASPY Award rules, board members are not eligible. Tom is a current board member and therefore he is not eligible for the award.
|-
|align="center"|[http://owasp.org/index.php/Dhiraj_Mishra Dhiraj Mishra]||align="center"|'''Integrity/Learning Category''' [https://www.owasp.org/index.php/OWASP_Trainers_Database Call_For_Trainers] in OWASP Mumbai, India , being in Trainers DB , Dhiraj have taken ton's of free Session's to Mumbai Cop's , Navi Mumbai Cyber Cell , Thane Cyber Cell and many other's.
|-
|align="center"|[https://www.owasp.org/index.php/John_Patrick_Lita John Patrick Lita]||align="center"|'''Open/Leading Categor'''y An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program on universities, government institutions and schools on the Philippines. OWASP is not very well know in this part of the Globe and by promoting it, he is creating awareness about application security
|-
|-
|align="center"|Steve Kosten||align="center"|'''Integrity/Learning Category''' Steve Kosten is the Denver Chapter Leader. For the past year, Steve has built community and fostered AppSec learning within Colorado. Before Steve joined the Denver OWASP Board, the Chapter was averaging 2 meetings per year attended by about 15 people. After 1 year on the board there had been 6 meetings with a high-water mark of 50 attendees. Since Steve has become Chapter Leader, attendance is >75 for the 4+ meetings each year. This is directly attributable to Steve's selection of top-quality speakers and an exceptional partnership with a local vendor who provides venue & catering, all in exchange for a simple "thank you" and round of applause. As a SANS AppSec Instructor, Steve is an AppSec expert who has cheerfully shared his expertise with attendees. Steve is a selfless leader who has profoundly improved the Denver OWASP Chapter and become a highly sought-after resource in this community.
|-
|align="center"|Eoin Keary||align="center"|'''Integrity/Learning Category''' Eoin gives up his free time to run free security training sessions within the community in Dublin. He is dedicated to spreading the OWASP message within Dublin. He is working within the community for the good of OWASP . Eoin is a committee member and does not have any "board" level title. He is giving to the community and is demonstrating that he does not expect anything in return. Eoin is a role model within our Dublin Chapter
|-
|align="center"|[https://www.owasp.org/index.php/User:Owen_Pendlebury Owen Pendlebury]||align="center"|'''Integrity/Learning Category''' Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include, AppSec EU 2016 Committee/ Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available to through all media.
|-
|align="center"|[https://www.owasp.org/index.php/Dhiraj_Mishra Dhiraj Mishra]||align="center"|'''Innovation/Sharing Category''' Past Contributor in [http://owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet The Popular XSS Filter Evasion Cheat Sheet] where as ,This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
* Lead of [https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF SQLi WAF Bypass] a very helpful cheat sheet which consists of A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete),recommended by many Security Researcher's.
*Contributor in [https://www.owasp.org/index.php/Benchmark OWASP Benchmark],contributed SQLi/XSS fuzz vectors as initial contribution towards adding support for WAF/RASP scoring. Many Thanks to [https://www.owasp.org/index.php/Benchmark#tab=Acknowledgements '''Dave Wichers''']
|-
|align="center"|[https://www.owasp.org/index.php/John_Patrick_Lita John Patrick Lita]||align="center"|'''Open/Leading Category''' An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program on universities, government institutions and schools on the Philippines. OWASP is not very well know in this part of the Globe and by promoting it, he is creating awareness about application security
|-
|align="center"|[[User:Mark_Major|Mark Major]]||align="center"|'''Innovation/Sharing Category''' Mark Major did a LOT of HARD work to ensure that AppSecUSA was a success in Denver. He has consulted with his Chapter and worked with OWASP to try to take the Chapter to the next level. Specifically, his research into using some of the proceeds from his efforts at AppSecUSA to establish an AppSec HackerSpace is both innovative and well overdue.
|-
|align="center"|[https://www.owasp.org/index.php/User:Owen_Pendlebury Owen Pendlebury]||align="center"|'''Innovation/Sharing Category''' Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include, AppSec EU 2016 Committee/ Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops.Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland. Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available to through all media.
|-
|align="center"|[http://owasp.org/index.php/Dhiraj_Mishra Dhiraj Mishra]||align="center"|'''Global/Growing Category''' * [https://www.owasp.org/index.php/About_OWASP/Bug_Bounty/WOF '''OWASP Wall Of Fame''']
|-
|align="center"|[https://www.owasp.org/index.php/John_Patrick_Lita John Patrick Lita]||align="center"|'''Global/Growing Category''' An outstanding volunteer doing an amazing job in the Asia region to promote OWASP projects and materials, reaching a big audience through his outreach program on universities, government institutions and schools on the Philippines. OWASP is not very well know in this part of the Globe and by promoting it, he is creating awareness about application security
|-
|align="center"|Kathy Thazton||align="center"|'''Global/Growing Category''' Kathy Thaxton has been THE key leader for SnowFROC for many years. As with most regional conferences, everyone involved has a day job and nobody's got a lot of spare time to do what must be done.
Kathy has somehow found time whenever she's been asked, and has done the lion's share of the work required to organize SnowFROC.
For SnowFROC 2016 we had the usual chaotic first planning meeting where several of us gathered at a pub to see which of us would be able to commit time & to identify potential roles.Everybody left that meeting with action-items.Shortly thereafter, Kathy emailed the rest of us to inform us that she had: drafted a budget,drafted a planning schedule,identified primary & alternate venues,identified primary & competing caterers,reached out to some legendary speakers & gotten tentative commitments,reached out to several vendors & gotten tentative sponsorship commitments, and,identified a good source of volunteers for setup, event day, and tear-down.In other words, Kathy Thaxton had done most of the "heavy lifting" within days of the initial planning meeting!Like previous SnowFROC's, SnowFROC 2016 was attended by Coloradans for the most part, but as with most years we had attendees from Arizona, Utah, Wyoming, and New York.SnowFROC had about 200 attendees, with a mix of ITSec operators, QA/testers, Developers, Auditors, & Managers for all of the above.None of this would have happened without Kathy Thaxton's involvement. Her tact, initiative, cheerfulness, and exceptional organizational skills allowed the rest of the planning committee to focus on things like establishing the curriculum, including a day-long hands-on workshop.Kathy's contribution was so profound and her reputation for organizing a FUN, well-planned, LEARNING event is so great that the local Cloud Security Alliance went out of their way to request her participation on their planning committee for a regional event they're hosting later this year.I attended yesterday's Cloud Security Alliance meeting, and whereas AppSec in the Cloud has been an afterthought at most CSA meetings, it was front-and-center yesterday as the Chapter Leaders asked their members what tracks/topics they'd be most interested in for their upcoming event.That is DEFINITELY reach OUTSIDE of the OWASP community, and again would not have happened without Kathy's stellar achievements at SnowFROCs.
|-
|align="centre"|[https://www.owasp.org/index.php/User:Owen_Pendlebury Owen Pendlebury]||align="center"|'''Global/Growing Category''' Owen has been involved in the OWASP Foundation since 2009. He started out attending OWASP Dublin meetings and helping to facilitate chapter meetings and security workshops. Eventually, he took on the role of Dublin board member and then chapter lead a couple of years later. He has been an extremely active member of the security community and has strived to help drive and improve security best practice at a Global level through his commitment to the OWASP foundation. Owen has been an active and dedicated chapter leader, who has organised regular activities for the OWASP Dublin chapter that benefit the local information security community greatly over the past 6.5 years. Some of the projects that Owen has been involved in include, AppSec EU 2016 Committee/ Training Committee, AppSec EU 2017 successful bid, DaggerCon, Cyber Startup Summit, Source Dublin, Advanced Threat Intelligence Seminars and numerous security workshops. Owen has over 6.5 years’ penetration testing, working as part of a global attack & penetration team for a number organisations including a “Big 4” professional services company. With in-depth experience of application and network penetration testing Owen has worked with many local and global institutions to improve their security posture. Owen is currently a manager in Deloitte Ireland.Owen has also been involved in local education bodies, architecting a masters in cyber security and helping a number of students and experienced individuals find their way in to the security community by making himself available to through all media.
|}

== '''Rules'''==
'''Remember the purpose of these awards is to recognize the UNSUNG HEROS out there, that are barely recognized for their contributions to the OWASP Foundation.'''
 
1. [https://www.owasp.org/index.php/About_OWASP#2015_Global_Board_Members Board members] may not be nominated
 
2. [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors_of_the_OWASP_Foundation Employees & Contractors] may not be nominated
 
3. You MUST be a [https://www.owasp.org/index.php/2016_Membership_Drive_April_1_-_June_20 Paid or Honorary member] to vote and your [https://docs.google.com/spreadsheets/d/1iabh7RrMMRQce0cDQsv_GdQtSKz4G9ISan9svfn_6kE/edit#gid=1961079767 membership] needs to be on file by June 20, 2016
 
4. All nominees will remain anonymous until July 11, 2016
 
5. Anyone can nominate an "unsung hero" who has contributed in some way to OWASP who they feel best fits each category
 
6. You may only nominate one person per category
 

=='''Eligible Voters'''==
Individuals who were members as of June 20, 2016 are eligible and are listed [https://docs.google.com/spreadsheets/d/1iabh7RrMMRQce0cDQsv_GdQtSKz4G9ISan9svfn_6kE/edit#gid=1961079767 here]. Please take a minute to verify your name is on the list. If you are '''NOT''' on the list and believe you should be, then you should '''[https://www.tfaforms.com/308703 contact us immediately]'''

=='''Sponsorship Opportunities'''==
Coming Soon!

The support from our sponsors, is what makes these awards truly successful!

=='''Communication'''==
June 7, 2016 [https://twitter.com/owasp/status/740236956550959104 Twitter], [https://www.facebook.com/groups/owaspfoundation/permalink/1004714156315924/ Facebook], [https://www.linkedin.com/groups/36874/36874-6146003139049906179 LinkedIn], [https://plus.google.com/116933056486234813396/posts/7AktQkr9y5c Google+], [http://owasp.blogspot.com/2016/06/2016-waspy-awards.html OWASP Blog].

=='''Past WASPY Awards'''==
[https://www.owasp.org/index.php/WASPY_Awards_2015 2015] 
[https://www.owasp.org/index.php/WASPY_Awards_2014 2014] 
[https://www.owasp.org/index.php/WASPY_Awards_2013 2013] 
[https://www.owasp.org/index.php/WASPY_Awards_2012 2012]

User:Mark Major

2016-08-04T04:32:25Z

Mark Major:

== Mark Major ==

{| style="width: 100%;"
|- valign="top"
| By day Mark works as a cybersecurity engineer and penetration tester for [http://www.aerstone.com Aerstone], and by night he runs the [[Boulder]] OWASP chapter. Mark is actively building an Attackerspace, a hackerspace with an appsec slant. The Attackerspace will be open to the OWASP community as well as the public, with partnerships in place with regional schools.

Past projects included directing [[Front_Range_OWASP_Conference_2013|SnowFROC]] and [http://2014.appsecusa.org/2014/ AppSec USA 2014]. In support of these conferences, Mark managed a [http://www.waspnestctf.com/ home-grown Capture the Flag tournament] and the Code Brew beer hacking competition.

To learn more about the Boulder Chapter or the related projects, drop by one of the [http://www.meetup.com/OWASP-Boulder/ free meetings].

To just say 'hey', drop a note to mark dot major at owasp dot org.
| style="width: 200px; |
| [[Image:BOWASP_Major.jpg|160px|alt=Mark Major|right]]
|}

Front Range OWASP Conference 2016

2016-01-15T00:42:46Z

Mark Major:

[[Image:SnowFROC2016_Inv_White_med.png]]



==Return of SnowFROC==
'''SAVE THE DATE - FEBRUARY 18th IT IS ON LIKE DONKEY KONG!'''

{| cellpadding="15 0 0 "
|-

| [[Image:AppliedTrust.png | 120px | link=http://www.appliedtrust.com | alt=Applied Trust | Applied Trust]]
| [[Image:Checkmarx.png | 120px | link=http://www.checkmarx.com/ | alt=Checkmarx | Checkmarx]]
| [[Image:HP.png | 120px | link=http://www.hp.com/ | alt=HP | HP]]
|}
__NOTOC__

= Introduction =
{{:Front_Range_OWASP_Conference_2016/Introduction}}

=Registration=
{{:Front_Range_OWASP_Conference_2016/Registration}}

=Venue=
{{:Front_Range_OWASP_Conference_2016/Venue}}

=Conference Schedule=
{{:Front_Range_OWASP_Conference_2016/Schedule}}



<headertabs />

[[Category:OWASP_AppSec_Conference]]

====Twitter Feed====
{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23FROC #FROC]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

==Call for Volunteers==
We will need all kinds of volunteers. Stay tuned.

==Call for Sponsors==
It doesn't happen without sponsors. Please start to talk this up with your sponsors so that they are inclined to use their marketing dollars for this event...

File:SnowFROC2016 Inv White med.png

2016-01-15T00:41:45Z

Mark Major:

Front Range OWASP Conference 2016

2016-01-06T23:30:31Z

Mark Major:

[[Image:SnowFROC2016.png]]

==Return of SnowFROC==
'''SAVE THE DATE - FEBRUARY 18th IT IS ON LIKE DONKEY KONG!'''


__NOTOC__

= Introduction =
{{:Front_Range_OWASP_Conference_2016/Introduction}}

=Registration=
{{:Front_Range_OWASP_Conference_2016/Registration}}

=Venue=
{{:Front_Range_OWASP_Conference_2016/Venue}}

=Conference Schedule=
{{:Front_Range_OWASP_Conference_2016/Schedule}}



<headertabs />

[[Category:OWASP_AppSec_Conference]]

====Twitter Feed====
{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23FROC #FROC]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

==Call for Volunteers==
We will need all kinds of volunteers. Stay tuned.

==Call for Sponsors==
It doesn't happen without sponsors. Please start to talk this up with your sponsors so that they are inclined to use their marketing dollars for this event...

Front Range OWASP Conference 2016

2016-01-06T23:30:15Z

Mark Major: Updated the logo to use consistent fonts for the date.

[[Image:SnowFROC2016.png|1024px]]

==Return of SnowFROC==
'''SAVE THE DATE - FEBRUARY 18th IT IS ON LIKE DONKEY KONG!'''


__NOTOC__

= Introduction =
{{:Front_Range_OWASP_Conference_2016/Introduction}}

=Registration=
{{:Front_Range_OWASP_Conference_2016/Registration}}

=Venue=
{{:Front_Range_OWASP_Conference_2016/Venue}}

=Conference Schedule=
{{:Front_Range_OWASP_Conference_2016/Schedule}}



<headertabs />

[[Category:OWASP_AppSec_Conference]]

====Twitter Feed====
{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23FROC #FROC]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)

'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

==Call for Volunteers==
We will need all kinds of volunteers. Stay tuned.

==Call for Sponsors==
It doesn't happen without sponsors. Please start to talk this up with your sponsors so that they are inclined to use their marketing dollars for this event...

File:SnowFROC2016.png

2016-01-06T23:17:34Z

Mark Major:

Boulder

2015-09-25T18:41:24Z

Mark Major:

===Special Thanks===
The continued sponsorship of Aerstone, Applied Trust, and Coalfire keep the chapter running strong. Thank you.
{| cellpadding="15 0 0 "
|-
| [[Image:BoulderSponsorAerstone.png | 120px | link=https://aerstone.com | alt=Aerstone | Aerstone]]
| [[Image:AppliedTrust.png | 120px | link=http://www.appliedtrust.com | alt=Applied Trust | Applied Trust]]
| [[Image:Coalfire.png | 120px | link=http://www.coalfire.com/ | alt=Coalfire | Coalfire]]
|}

__NOTOC__

=About=
{{:Boulder/About}}

=Upcoming Events=
{{:Boulder/Events-Upcoming}}

=Past Events=
{{:Boulder/Events-Past}}

=Chapter Projects=
{{:Boulder/Projects}}

=Chapter Support=
{{:Boulder/Support}}


<headertabs />

== Upcoming Events ==

'''Thursday Evenings: ''' We typically (but not always) hold our chapter meetings on the third Thursday of the month. We meet in the heart of Boulder, on Walnut St. Newcomers are always welcome! Meeting details can be found on our [http://www.meetup.com/OWASP-Boulder/ MeetUp.com] site. Please RSVP on that site as seating can fill up quickly.

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder/Support

2015-09-24T00:07:57Z

Mark Major: Created page with "==Help Wanted!== We are always looking for new members, speakers, and sponsors. ===Members=== ===Speakers=== ===Sponsors==="

==Help Wanted!==
We are always looking for new members, speakers, and sponsors.

===Members===

===Speakers===

===Sponsors===

Boulder/Projects

2015-09-23T23:58:03Z

Mark Major: Created page with "==Capture the Flag== [https://ctf.snowfroc.com/ SnowFROC CTF (2013)] [http://www.waspnestctf.com/ WaspNest CTF] ==Conferences== Front_Range_OWASP_Conference_2013| SnowFROC..."

==Capture the Flag==
[https://ctf.snowfroc.com/ SnowFROC CTF (2013)]
[http://www.waspnestctf.com/ WaspNest CTF]

==Conferences==
[[Front_Range_OWASP_Conference_2013| SnowFROC 2013]]

[http://2014.appsecusa.org/ AppSec USA 2014]

[[Front_Range_OWASP_Conference_2016| SnowFROC 2016]]

==Code Brew==

==Attackerspace==

Boulder

2015-09-23T23:52:42Z

Mark Major:

===Special Thanks===
The continued sponsorship of Aerstone, Applied Trust, and Coalfire keep the chapter running strong. Thank you.
{| cellpadding="15 0 0 "
|-
| [[Image:BoulderSponsorAerstone.png | 120px | link=https://aerstone.com | alt=Aerstone | Aerstone]]
| [[Image:AppliedTrust.png | 120px | link=http://www.appliedtrust.com | alt=Applied Trust | Applied Trust]]
| [[Image:Coalfire.png | 120px | link=http://www.coalfire.com/ | alt=Coalfire | Coalfire]]
|}

__NOTOC__

=About=
{{:Boulder/About}}

=Upcoming Events=
{{:Boulder/Events-Upcoming}}

=Past Events=
{{:Boulder/Events-Past}}

=Projects=
{{:Boulder/Projects}}

=Chapter Support=
{{:Boulder/Support}}


<headertabs />

== Upcoming Events ==

'''Thursday Evenings: ''' We typically (but not always) hold our chapter meetings on the third Thursday of the month. We meet in the heart of Boulder, on Walnut St. Newcomers are always welcome! Meeting details can be found on our [http://www.meetup.com/OWASP-Boulder/ MeetUp.com] site. Please RSVP on that site as seating can fill up quickly.

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder

2015-09-23T23:51:58Z

Mark Major: Restructuring into a table format and discretizing content into separate pages for improved readability and maintainability.

====Special Thanks====
The continued sponsorship of Aerstone, Applied Trust, and Coalfire keep the chapter running strong. Thank you.
{| cellpadding="15 0 0 "
|-
| [[Image:BoulderSponsorAerstone.png | 120px | link=https://aerstone.com | alt=Aerstone | Aerstone]]
| [[Image:AppliedTrust.png | 120px | link=http://www.appliedtrust.com | alt=Applied Trust | Applied Trust]]
| [[Image:Coalfire.png | 120px | link=http://www.coalfire.com/ | alt=Coalfire | Coalfire]]
|}

__NOTOC__

=About=
{{:Boulder/About}}

=Upcoming Events=
{{:Boulder/Events-Upcoming}}

=Past Events=
{{:Boulder/Events-Past}}

=Projects=
{{:Boulder/Projects}}

=Chapter Support=
{{:Boulder/Support}}


<headertabs />

== Upcoming Events ==

'''Thursday Evenings: ''' We typically (but not always) hold our chapter meetings on the third Thursday of the month. We meet in the heart of Boulder, on Walnut St. Newcomers are always welcome! Meeting details can be found on our [http://www.meetup.com/OWASP-Boulder/ MeetUp.com] site. Please RSVP on that site as seating can fill up quickly.

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder/Events-Upcoming

2015-09-23T23:34:15Z

Mark Major: Created page with "Additional meeting details may be found on [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]. Registration is not required to view meeting topics and locations, but it..."

Additional meeting details may be found on [http://www.meetup.com/OWASP-Boulder/ MeetUp.com]. Registration is not required to view meeting topics and locations, but it does help us order enough food.

Boulder/About

2015-09-23T23:33:00Z

Mark Major: Basic overview of the Boulder chapter, including organizers and roles.

File:Coalfire.png

2015-09-23T23:02:48Z

Mark Major:

CommunityUpdates/2014-08-26

2014-08-25T22:01:23Z

Mark Major: Adding AppSec USA logo

= Join the Meeting - Connection Information =
* Tuesday August 26, 2014

== Those on Video ==
* Michael Coates - @_mwc

== Watch the live or recorded meeting==
9am Pacific / 5pm London
* [https://plus.google.com/b/114897759028714798478/events/cc0k2keie6rfthet8m79ef2f87s Google+ link]
* [http://www.youtube.com/watch?v=mMEP8uN9E_Y YouTube Link]
* [https://www.owasp.org/index.php/CommunityUpdates/2014-07-08 Last meeting's agenda]
* [https://www.owasp.org/index.php/CommunityUpdates Community Update Overall Page]

= OWASP'er Mentions =


= Upcoming Events =
* [https://www.owasp.org/index.php/2014_Board_Elections 2014 OWASP Elections!] - [https://www.owasp.org/index.php/2014_Board_Elections#2014_Board_Candidates Candidates Announced]
[http://appsecusa.org [[File:AppSecUSA.LightBg.900x151.png|alt=AppSec USA 2014]] ]

= Chapters =
== Chapter Events==

* September 2nd, 2014, - OWASP Israel - Interdisciplinary Center in Herzliya (IDC) -[https://www.owasp.org/index.php/AppSec_Israel_2014 more info]
* August 1, 2014 - OWASP USA:Louisville - [https://www.owasp.org/index.php/Louisville more info]

''[https://www.owasp.org/index.php/OWASP_Chapter Full list of worldwide chapters]'', ''[http://www.google.com/calendar/embed?src=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com&ctz=America/Los_Angeles OWASP Events Calendar]''

== Chapter Info ==
* Running a chapter and want your event featured in Community Update and on OWASP home page? Just add it to the [http://www.google.com/calendar/embed?src=hl6cjgs6ep1h7oniqgueu2bhbo%40group.calendar.google.com&ctz=America/Los_Angeles OWASP events calendar]
** [https://www.owasp.org/index.php/Chapter_Handbook/Chapter_7:_Organizing_Chapter_Meetings#OWASP_Calendar Instructions for chapter leaders on how to add events]
* Chapter Funds - Did you know you chapter has funds to use? https://www.owasp.org/index.php/Donation_Scoreboard
** [https://www.owasp.org/index.php/Chapter_Handbook/Chapter_4:_Chapter_Administration#Handling_Money Tips on spending chapter funds]
* Need funding for an OWASP activity? Check out [https://www.owasp.org/index.php/Funding the funding page]

== Chapter Metrics Q2==
{| style="width: 60%; height: 200px" border="1"
|-
! style="background: #E0CEF2; color: black" | '''DATE'''
! style="background: #E0CEF2; color: black" | April 2014
! style="background: #E0CEF2; color: black" | May 2014
! style="background: #E0CEF2; color: black" | June 2014

|-
! style="background: #F2CECE; color: black" | '''TOTAL'''
! style="background: #F2CECE; color: black" | 267 Chapters
! style="background: #F2CECE; color: black" | 268 Chapters
! style="background: #F2CECE; color: black" | 270 Chapters

|-
|}

*Active Chapters: 235
*Inactive Chapters: 35 (listed as not having a chapter leader)
*New Chapters: 1
*Restarted Chapters: 3

==Chapters By Region==

Total Chapters (inactive chapters)

*Africa: 16 (3)
*Asia Pacific: 17 (2)
*Canada: 12 (6)
*Europe: 56 (5)
*Latin America: 38 (10)
*Middle East: 38 (2)
*United States: 86 (8)

= Conferences =
''Full [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference conference calendar]''

* [http://appsecusa.org/ OWASP AppSec USA] - 2014 Sept. 16, 2014 - Sept. 19, 2014
** Denver, Colorado

* AppSecEU Videos
** [https://www.youtube.com/playlist?list=PLpr-xdpM8wG_KHsxepT9o6trkqDELhr3_ Talks online at OWASP YouTube Channel]
** [https://soundcloud.com/owasp-podcast OWASP 24/7 Podcast Interviews]

= Projects =
OWASP JSEC CVE Details
[https://www.owasp.org/index.php/OWASP_JSEC_CVE_Details]
= Talks & Outreach =
Recent Security Talks
==BlackHat Arsenal 2014==
On August 6th and 7th, ZAP, PCI TOOLKIT and Dependency check were presented during the BlackHat USA Arsenal Tools in Las Vegas
The sessions were a success, and OWASP had a big opportunity to present these tools.
Other OWASP members were there to present their tools such as
Abbas Naderi with Taintless
Ryan Barnett with Modsecurity and
Josh Sokol with Simple Risk

Visit https://www.blackhat.com/us-14/arsenal.html to learn more about the presentations

== OWASP in the News ==
* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project OWASP Internet of Things Top 10] was mentioned in the VentureBeat article [http://venturebeat.com/2014/08/23/the-internet-of-things-will-be-vulnerable-for-years-and-no-one-is-incentivized-to-fix-it/ The Internet of Things will be vulnerable for years, and no one is incentivized to fix it]
*

= Activities Looking for Volunteers =


= OWASP Wiki =
== Pages that Need Attention ==
*

== Editing Tips & Tricks ==
* [https://www.owasp.org/index.php/Tutorial Basic FAQ for editing the wiki]

== Wiki Clean Up Crew ==
* Help Needed - [https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors Join mailing] list to discuss
* https://www.owasp.org/index.php/Wiki_Cleanup

== Wiki-Fu==

= Announcements from the Foundation =

File:AppSecUSA2014.v6.zip

2014-08-25T02:07:37Z

Mark Major:

File:AppSecUSA2014.v6.pptx

2014-08-25T01:58:06Z

Mark Major:

File:AppSecUSA2014.v5b.pptx

2014-08-12T03:13:01Z

Mark Major: The original speaker presentation was a PowerPoint template (.potx). Unfortunately, that format cannot be uploaded into Google Docs. To accommodate, this is the same file in non-template formate (.pptx).

The original speaker presentation was a PowerPoint template (.potx). Unfortunately, that format cannot be uploaded into Google Docs. To accommodate, this is the same file in non-template formate (.pptx).

File:AppSecUSA2014.v5.potx.zip

2014-08-04T16:25:46Z

Mark Major:

Category:OWASP Education Project

2014-04-22T18:32:19Z

Mark Major:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Education Project==

OWASP Education Project aims to provide in building blocks of web application security knowledge that can easily be integrated in awareness sessions or presentations on this topic. The building blocks provided by this project can then be bundled together in education tracks.
An important guideline is therefore that the material produced is modular.

==Introduction==

Web Application Security Education and Awareness is needed throughout the entire organization, each area and level of organizations have specific needs and requirements regarding education. A manager needs other information than a security professional or developer. Novices to the profession require other training than people with several years of experience.
This Education project aims to provide in building blocks of web application security information. These modules can be combined together in education tracks targeting different audiences.

==Description==

The project will continuously deliver education material about OWASP tooling and documentation. This aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously. With the setup of a OWASP Boot camp, the OWASP word can be spread in a controlled manner and deliver high quality training., both inside and outside of the OWASP community. The OWASP Education Project will setup and standardize OWASP trainings manuals and materials to ensure a certain level of quality of the trainings. Trainings about the OWASP tooling and projects will have to be reviewed by the Projects.

==Licensing==
OWASP Education Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP Education Project? ==

OWASP Education Project provides:

* [[OWASP Education Material Categorized]]

== Presentation ==

Link to presentation

== Project Leader ==

[mailto:martin.knobloch@owasp.org Martin Knobloch]

== Related Projects ==

* [[OWASP Live CD Project]]
* [[OWASP Testing Guide]]
* [[OWASP Development Guide Project]]
* [[OWASP Code Review Project]]
* [[OWASP ASDR Project]]

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download

== News and Events ==

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

= Resources and Links =

This project is not standalone. There is an awfull lot of information that can be found throughout this site and from other resources on the Internet. 
This project will draw pieces of information from:
* [http://www.owasp.org/index.php/Category:OWASP_Video Videos]
* The presentations, currently being inventorized in the [[OWASP Education Presentation|consolidation page of OWASP presentations]]¨
* [http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
* ...
One of the modules to create will be a Resources module, not limited to OWASP.

== Educations ==
* [http://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security What Developers Should Know]
* [https://www.owasp.org/images/8/8f/Setting_up_a_Secure_Development_Life_Cycle_with_OWASP_-_Seba_Deleersnyder.pptx Setting up a Secure Development Life Cycle with OWASP]

= Donated Material =
The following training material and presentations were donated to the education project and will be integrated in future Education Tracks.
* [[Education Donated: OWASP Safe Browsing]]
* [[Education Donated: OWASP ASVS 1.0 ~2 day training deck]]
* [https://www.owasp.org/images/2/22/Tracks.pdf JAVA/J2EE Secure Development Curriculum]

= Acknowledgements =

{| style="width:70%" border="0" align="center"
| colspan="7" align="center" style="background:#4058A0; color:white" | '''OWASP Education Project'''
|-
| style="width:25%; background:#cccccc" align="center" | '''CONTRIBUTORS'''
| style="width:25%; background:#cccccc" align="center" |
* [[User:Sdeleersnyder|Sebastien Deleersnyder]]
* [[User:knoblochmartin| Martin Knobloch]]
* [[User:Brennan|Tom Brennan]]
| style="width:25%; background:#cccccc" align="center" |
* [[User:xxradar|Philippe Bogaerts]]
* [[User:Mccorga|Grady McCorkle]]
* [[User:AhmedNeil|Ahmed Neil]]
| style="width:25%; background:#cccccc" align="center" |
* [[User:medelibero|Mike de Libero]]
* [[User:Bunyamin|Bunyamin Demir]]
* [[User:Tony_Gottlieb|Tony Gottlieb]]
|-
| style="width:25%; background:#cccccc" align="center" | '''REVIEWERS'''
| style="width:25%; background:#cccccc" align="center" |
* Sebastien Gioria
| style="width:25%; background:#cccccc" align="center" |
* [[User:Namn|'''Nam Nguyen''']]
| style="width:25%; background:#cccccc" align="center" |
* [[User:Sdeleersnyder|'''Sebastien Deleersnyder''']]
|}

= Road Map and Getting Involved =
This page is split in 2 parts. 
The first part is the split-up of the current goals in tasks. Here you can add who is working on what module together with the status on progress. 
The second part lists longer term goals of the Eduction project. Do not hesitate to add goals and discuss them in the mailing list.

== Current Goal Tasks ==

=== Sub Goal 1: Create overview of OWASP presentations (100%) ===
The following is a list of tasks that have to be performed for the project:
* Add the majority of presentation material on [[OWASP Education Presentation|the presentation overview page]] (100% - all)
* Provide [[:Category:OWASP_Presentations#OWASP_Education_Presentation_Guidelines| Guidance page]] on OWASP presentations and re-usability and link in other related presentation pages (100% Seba)

=== Sub Goal 2: Design agenda 2 Tracks (100%) ===
For the two 4 hour tracks:
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
Perform the following:
:* Describe track overview (100% - Seba)
:* Describe track target audience (100% - Seba)
:* Design a TOC with titles, one paragraph per title and timing (100% - Seba)
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
:* Finish TOC for approval by the project team (100% - Seba)

* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
Perform the following:
:* Describe track overview (100% - seba)
:* Describe track target audience (100% - volunteers needed)
:* Design a TOC with titles, one paragraph per title and timing (100% - seba)
:* Perform a review cycle on the TOC and get external feedback (100% - Seba)
:* Finish TOC for approval by the project team (100% - Seba)

=== Sub Goal 3: Create Modules (100 %)===
To support the 2 target tracks and eventually other tracks, modules will have to be created. This means:
* Work out some basic rules on module slides (100% - Seba)
For the two 4 hour tracks:
* A [[Education Track: Web Application Security Primer|Web Application Security Primer]] Track for beginners (4 hours)
Perform the following:
:* From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
:* Module - Why WebAppSec matters (100% - Seba)
:* Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
:* Module - Embed within SDLC (100% - Seba)
:* Module - Good WebAppSec Resources (100% - Seba)
:* Perform a review cycle by project members that did not create the module (100% - Seba)
* [[Education Track: What Developers Should Know on Web Application Security|What Developers Should Know on Web Application Security]] Track for developers (4 hours)
Perform the following:
:* From the TOC identify the necessary modules. There will probably be overlap with TOC entries (100% - Seba)
:* Module - Why WebAppSec matters (100% - Seba)
:* Module - OWASP Top 10 Introduction & Remedies (100% - Seba)
:* Module - Embed within SDLC (100% - Seba)
:* Module - Good Secure Development Practices (100% - Seba)
:* Module - Testing for Vulnerabilities (100% - Seba)
:* Module - Good WebAppSec Resources (100% - Seba)
:* Perform a review cycle by project members that did not create the module (100% - Seba)

=== Sub Goal 4: Track try-outs (20%) ===
In further stages the tracks can be piloted on 'victim' audiences.
* Feedback forms will be necessary to capture structured feedback (100% - Seba: template created)
* (parts) of modules will need corrections (0% - volunteers needed)

=== Sub Goal 5: Track Distribution ===
To support further evolution of the existing tracks:
* Teach the teacher sessions can be set up
* Webinars can be created
* Figure out a way to accompany module with audio/video support (0% - tbd)

== Future Goals ==

When we get here, we can say that the project reached Beta Status and we should define goals to get it to Release Quality.
* Define other tracks
:* 2 h awareness track
:* 4h What testers should know on Web Application Security track
:* ...
* Set up and maintain improvement cycles for existing tracks
* Further support OWASP and other organisations to (re)use the OWASP Education Modules and Tracks
* Set up certification mechanisms for trainers and attendees
* Define a broader curriculum ...

Involvement in the development and promotion of the OWASP Education Project is actively encouraged!
We hope you find the OWASP Education Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to the [http://lists.owasp.org/mailman/listinfo/owasp-education mailing list].

If you used material from our project, please use the available [[:Image:Education_Track_Evaluation_Template.doc|evaluation forms]] and let uw know how we can improve our modules and tracks.

=Project About=

{{:Project Information:template Education Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

User:Mark Major

2013-11-10T14:50:31Z

Mark Major:

== Mark Major ==

{| style="width: 100%;"
|- valign="top"
| By day Mark works as a cybersecurity engineer and penetration tester for [http://www.aerstone.com Aerstone], and by night he runs the [[Boulder]] OWASP chapter. Current projects including organizing [[Front_Range_OWASP_Conference_2013|SnowFROC]] and AppSec USA 2014. In support of these conferences, Mark also leads development of a Capture the Flag tournament and a home-brew beer competition.

To learn more about the Boulder Chapter or the related projects, drop by one of the [http://www.meetup.com/OWASP-Boulder/ free meetings].

To just say 'hey', drop a note to mark dot major at owasp dot org.
| style="width: 200px; |
| [[Image:BOWASP_Major.jpg|160px|alt=Mark Major|right]]
|}

Boulder

2013-06-26T17:46:16Z

Mark Major: Overflow or not, Aerstone will host this month's meeting.

{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

====Special Thanks====
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

[[File:BoulderSponsorAerstone.png]]

== Upcoming Events ==

====Thursday, June 27th at 6pm – Gene Kim: Why We Need DevOps Now====

'''About the speaker''' 
'''Gene Kim''' is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire, which commercialized the open source software he wrote in 1992 with Dr. Gene Spafford at Purdue University. He is the author of “[http://www.amazon.com/Visible-Ops-Handbook-Implementing-Practical/dp/0975568612/ref=sr_1_1?ie=UTF8&qid=1327709357&sr=8-1 The Visible Ops Handbook],” and “[http://www.amazon.com/Visible-Ops-Security-Operations-ebook/dp/B003J35A0A/ref=sr_1_2?ie=UTF8&qid=1327709357&sr=8-2 The Security Visible Ops Handbook],”which has sold over 200K copies to date. Gene is also the author of [http://itrevolution.com/books/phoenix-project-devops-book/ The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win].

Gene’s area of passion is helping companies build super-tribes where Development, IT Operations, Product and Project Management and Information Security simultaneously maximize throughput of features from “code complete” to “in production,” without causing chaos and disruption to the IT environment. He’s helped some of the largest Internet properties, such as Microsoft, Yahoo!, AOL and Microsoft companies he’s worked with Microsoft. He loves finding and fixing bottlenecks which impede and frustrate the entire organization, enabling management from each tribe to achieve the greater organizational goals.

{| style="width:100%;" border="0" align="left" cellpadding="5"
|-
| style="width:6em;" | '''When'''
| | Thursday, June 27th
|-
| | '''Agenda'''
| | 6:00 - 6:30: Food, drink, and networking 6:30 - 7:00: Chapter business and group discussion 7:00 - 8:00: '''Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations''' Gene will present his findings from an ongoing study of how high-performing IT organizations simultaneously deliver stellar service levels and deliver fast flow of new features into the production environment. To successfully deliver against what on the surface appear to be conflicting objectives, (i.e. preserving service levels while introducing significant amounts of change into production), requires creating a highly-coordinated collection of teams where Development, QA, IT Operations, as well as Product Management and Information Security genuinely work together to solve business objectives. Gene will describe what successful transformations look like, and how those transformations were achieved from a software development and service operations perspective. He will draw upon fourteen years of research of high-performing IT organizations, as well as work he's done since 2008 to help some of the largest Internet companies increase feature flow and production stability through applications of DevOps principles.
|-
| | '''Location'''
| | [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor).
|-
| | '''Parking'''
| | Free parking one block north of Aerstone through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
|-
| | '''Virtual'''
| | Remote attendees may participate through [https://questconsultants.webex.com/questconsultants/j.php?ED=207871237&UID=0&RT=MiM2 WebEx].
|-
| | '''RSVP'''
| | Available through [http://www.meetup.com/OWASP-Boulder/events/124446512/ MeetUp.com].
|}

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder

2013-06-14T19:06:22Z

Mark Major: Updated presentation title and abstract

{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

====Special Thanks====
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

[[File:BoulderSponsorAerstone.png]]

== Upcoming Events ==

====Thursday, June 27th at 6pm – Gene Kim: Why We Need DevOps Now====

'''About the speaker''' 
'''Gene Kim''' is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire, which commercialized the open source software he wrote in 1992 with Dr. Gene Spafford at Purdue University. He is the author of “[http://www.amazon.com/Visible-Ops-Handbook-Implementing-Practical/dp/0975568612/ref=sr_1_1?ie=UTF8&qid=1327709357&sr=8-1 The Visible Ops Handbook],” and “[http://www.amazon.com/Visible-Ops-Security-Operations-ebook/dp/B003J35A0A/ref=sr_1_2?ie=UTF8&qid=1327709357&sr=8-2 The Security Visible Ops Handbook],”which has sold over 200K copies to date. Gene is also the author of [http://itrevolution.com/books/phoenix-project-devops-book/ The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win].

Gene’s area of passion is helping companies build super-tribes where Development, IT Operations, Product and Project Management and Information Security simultaneously maximize throughput of features from “code complete” to “in production,” without causing chaos and disruption to the IT environment. He’s helped some of the largest Internet properties, such as Microsoft, Yahoo!, AOL and Microsoft companies he’s worked with Microsoft. He loves finding and fixing bottlenecks which impede and frustrate the entire organization, enabling management from each tribe to achieve the greater organizational goals.

{| style="width:100%;" border="0" align="left" cellpadding="5"
|-
| style="width:6em;" | '''When'''
| | Thursday, June 27th
|-
| | '''Agenda'''
| | 6:00 - 6:30: Food, drink, and networking 6:30 - 7:00: Chapter business and group discussion 7:00 - 8:00: '''Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations''' Gene will present his findings from an ongoing study of how high-performing IT organizations simultaneously deliver stellar service levels and deliver fast flow of new features into the production environment. To successfully deliver against what on the surface appear to be conflicting objectives, (i.e. preserving service levels while introducing significant amounts of change into production), requires creating a highly-coordinated collection of teams where Development, QA, IT Operations, as well as Product Management and Information Security genuinely work together to solve business objectives. Gene will describe what successful transformations look like, and how those transformations were achieved from a software development and service operations perspective. He will draw upon fourteen years of research of high-performing IT organizations, as well as work he's done since 2008 to help some of the largest Internet companies increase feature flow and production stability through applications of DevOps principles.
|-
| | '''Location'''
| | [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor). '''Subject to change to accommodate overflow attendance.'''
|-
| | '''Parking'''
| | Free parking one block north of Aerstone through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
|-
| | '''Virtual'''
| | Remote attendees may participate through [https://questconsultants.webex.com/questconsultants/j.php?ED=207871237&UID=0&RT=MiM2 WebEx].
|-
| | '''RSVP'''
| | Available through [http://www.meetup.com/OWASP-Boulder/events/124446512/ MeetUp.com].
|}

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder

2013-06-14T17:18:01Z

Mark Major: Always tinkering .. :/

{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

====Special Thanks====
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

[[File:BoulderSponsorAerstone.png]]

== Upcoming Events ==

====Thursday, June 27th at 6pm – Gene Kim on DevOps====

'''About the speaker''' 
'''Gene Kim''' is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire, which commercialized the open source software he wrote in 1992 with Dr. Gene Spafford at Purdue University. He is the author of “[http://www.amazon.com/Visible-Ops-Handbook-Implementing-Practical/dp/0975568612/ref=sr_1_1?ie=UTF8&qid=1327709357&sr=8-1 The Visible Ops Handbook],” and “[http://www.amazon.com/Visible-Ops-Security-Operations-ebook/dp/B003J35A0A/ref=sr_1_2?ie=UTF8&qid=1327709357&sr=8-2 The Security Visible Ops Handbook],”which has sold over 200K copies to date. Gene is also the author of [http://itrevolution.com/books/phoenix-project-devops-book/ The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win].

Gene’s area of passion is helping companies build super-tribes where Development, IT Operations, Product and Project Management and Information Security simultaneously maximize throughput of features from “code complete” to “in production,” without causing chaos and disruption to the IT environment. He’s helped some of the largest Internet properties, such as Microsoft, Yahoo!, AOL and Microsoft companies he’s worked with Microsoft. He loves finding and fixing bottlenecks which impede and frustrate the entire organization, enabling management from each tribe to achieve the greater organizational goals.

{| style="width:100%;" border="0" align="left" cellpadding="5"
|-
| style="width:6em;" | '''When'''
| | Thursday, June 27th
|-
| | '''Agenda'''
| | 6:00 - 6:30: Food, drink, and networking 6:30 - 7:00: Chapter business and group discussion 7:00 - 8:00: '''Gene Kim on DevOps:''' Maximizing the benefit of DevOps without sacrificing secure code development practices.
|-
| | '''Location'''
| | [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor). '''Subject to change to accommodate overflow attendance.'''
|-
| | '''Parking'''
| | Free parking one block north of Aerstone through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
|-
| | '''Virtual'''
| | Remote attendees may participate through [https://questconsultants.webex.com/questconsultants/j.php?ED=207871237&UID=0&RT=MiM2 WebEx].
|-
| | '''RSVP'''
| | Available through [http://www.meetup.com/OWASP-Boulder/events/124446512/ MeetUp.com].
|}

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder

2013-06-14T17:16:05Z

Mark Major: Added a blurb about remote attendance through WebEx. Putting info in table format for cleaner alignment

{{Chapter Template|chaptername=Boulder|extra=The chapter leader is [[User:Mark_Major|Mark Major]].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-boulder|emailarchives=http://lists.owasp.org/pipermail/owasp-boulder}}

====Special Thanks====
The Boulder chapter is grateful for the continued sponsorship of Aerstone. Thank you for providing the venue, refreshments, and other resources necessary to keep the chapter running strong.

[[File:BoulderSponsorAerstone.png]]

== Upcoming Events ==

====Thursday, June 27th at 6pm – Gene Kim on DevOps====

'''About the speaker''' 
'''Gene Kim''' is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire, which commercialized the open source software he wrote in 1992 with Dr. Gene Spafford at Purdue University. He is the author of “[http://www.amazon.com/Visible-Ops-Handbook-Implementing-Practical/dp/0975568612/ref=sr_1_1?ie=UTF8&qid=1327709357&sr=8-1 The Visible Ops Handbook],” and “[http://www.amazon.com/Visible-Ops-Security-Operations-ebook/dp/B003J35A0A/ref=sr_1_2?ie=UTF8&qid=1327709357&sr=8-2 The Security Visible Ops Handbook],”which has sold over 200K copies to date. Gene is also the author of [http://itrevolution.com/books/phoenix-project-devops-book/ The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win].

Gene’s area of passion is helping companies build super-tribes where Development, IT Operations, Product and Project Management and Information Security simultaneously maximize throughput of features from “code complete” to “in production,” without causing chaos and disruption to the IT environment. He’s helped some of the largest Internet properties, such as Microsoft, Yahoo!, AOL and Microsoft companies he’s worked with Microsoft. He loves finding and fixing bottlenecks which impede and frustrate the entire organization, enabling management from each tribe to achieve the greater organizational goals.

{| style="width:100%;" border="0" align="left" cellpadding="5"
|-
| style="width:6em;" | '''When'''
| | Thursday, June 27th
|-
| | '''Agenda'''
| | 6:00 - 6:30: Food, drink, and networking 6:30 - 7:00: Chapter business and group discussion 7:00 - 8:00: '''Gene Kim on DevOps:''' Maximizing the benefit of DevOps without sacrificing secure code development practices.
|-
| | '''Location'''
| | [https://aerstone.com/ Aerstone], located at [https://maps.google.com/maps?q=1711+Pearl+St,+Boulder,+CO+80302&hl=en&ll=40.018955,-105.272412&spn=0.005801,0.016512&sll=40.019446,-105.273058&layer=c&cbp=13,345.63,,0,0.03&cbll=40.019323,-105.273016&hnear=1711+Pearl+St,+Boulder,+Colorado+80302&t=m&z=17&panoid=5v0RhKi7sjpi-Z5HcgKFFw 1711 Pearl St.] (3rd floor). '''Subject to change to accommodate overflow attendance.'''
|-
| | '''Parking'''
| | Free parking one block north of Aerstone through the [http://files.meetup.com/3503072/Parking.png Whittier Neighborhood Zone].
|-
| | '''Remote'''
| | Remote attendees may participate through [https://questconsultants.webex.com/questconsultants/j.php?ED=207871237&UID=0&RT=MiM2 WebEx].
|-
| | '''RSVP'''
| | Available through [http://www.meetup.com/OWASP-Boulder/events/124446512/ MeetUp.com].
|}

 

[[Category:OWASP Chapter]]
[[Category:Colorado]]

Boulder

2013-06-14T16:08:02Z

Mark Major: Moving the presentation time from 7:15 to 7:00 to afford Gene a bit more time.

Individual Member

2013-04-26T20:26:58Z

Mark Major:

*As a member of the internet community you agree with the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project ethics and principles] of the OWASP Foundation.
*You want to underscore your awareness of software security.
*You want to continue to increase your knowledge and expand your skills when attending OWASP conferences at a discount.
*You want to expand your personal network of global contacts? [http://www.linkedin.com/e/gis/36874 OWASP Linked'In Group]
*40% of your annual membership fee directly supports project and efforts of the local chapter.
*You get a @OWASP.ORG email address if you desire to collaborate with peers globally, do not have to use your company/personal email address if you do not want to. [http://sl.owasp.org/contactus Submit a request.]
*You will have (1) vote for annual elections on issues that shape the direction of the professional community.

'''$50'''/USD 12 month term [[Image:Join_Now_BlueIcon.JPG|75px|link=https://www.owasp.org/index.php/Membership_Map]]

[[newmembership|Return to Membership]]

Owasp.org email address

2013-04-26T20:26:03Z

Mark Major: Added a URL to "submit a request".

You get a @OWASP.ORG email address if you desire to collaborate with peers globally, do not have to use your company/personal email address if you do not want to.

[http://sl.owasp.org/contactus Submit a request.]

[[newmembership|Return to membership overview.]]

Front Range OWASP Conference 2013/Schedule

2013-04-09T03:17:48Z

Mark Major: Commented out "subject to change" disclaimer and CFP schedule.

==SnowFROC 2013 Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)''
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]''
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]''
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]''
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]''
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]''
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
Dan Wilson
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Sponsors

2013-04-04T15:42:58Z

Mark Major: Commented out the sponsorship package options

==Current Sponsors==

=== [https://aerstone.com/ Aerstone] ===

{| style="width: 100%;"
|- valign="top"
| Aerstone provides strategic and technical cyber security consulting services including assessments, planning, architecture designed incident response, regulatory compliance, and computer forensics. We provide services and products for medium to large healthcare providers, financial services organizations and legal firms, and law enforcement. Clients range from local businesses to government agencies.
| style="width: 200px; |
| [[Image:BoulderSponsorAerstone.png|160px| link=http://aerstone.com |alt=Aerstone|right]]
|}

=== [http://www.appliedtrust.com/ Applied Trust] ===

{| style="width: 100%;"
|- valign="top"
| AppliedTrust provides IT infrastructure, security, and opensource consulting services. Our clients are organizations where effective IT is critical to the reputation and growth of their business, and hail from a variety of industries including healthcare, financial services, hospitality, recreation, and government. Our specialty areas include:
 
<ul>
<li>Web Application Security</li>
<li>Drupal and Linux</li>
<li>Security</li>
<li>Technology Selection and Implementation</li>
<li>Operations</li>
<li>Performance and High Availability</li>
<li>Assessment and Audit</li>
<li>System, Network, and Security Architecture</li>
<li>Strategy and Governance</li>
</ul>
| style="width: 200px; |
| [[Image:AppliedTrust.png |160px| link=http://www.appliedtrust.com|alt=Applied Trust|right]]
|}

=== [http://www.checkmarx.com Checkmarx] ===

{| style="width: 100%;"
|- valign="top"
| Checkmarx - Source Code Analysis Made Easy

Checkmarx is the developer of next generation Static Code Analysis (SCA) solutions. The company pioneered the concept of a query language-based solution for identifying technical and logical code vulnerabilities. Checkmarx provides the best way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The product enables developers and auditors to easily scan un-compiled / un-built code in all major coding languages anywhere, anytime. CxSuite's application security testing is available in both "On Premise" and "On Demand" configurations. The security testing scans for the most prevalent security vulnerabilities as determined by OWASP Top 10, SANS, and other major standards. Checkmarx was recognized by Gartner as sole visionary in their latest SAST magic quadrant and as Cool vendor in application security. Customers include Fortune 500, government organizations and SMBs in over 30 countries.
| style="width: 200px; |
| [[Image:Checkmarx.png |160px| link=http://www.checkmarx.com/|alt=Checkmarx|right]]
|}

=== [http://www.hp.com/ HP] ===

{| style="width: 100%;"
|- valign="top"
| HP is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in its hybrid environment and defend against advanced threats. Based on market leading products from HP ArcSight, HP Fortify, and HP TippingPoint, the HP Security Intelligence Platform uniquely delivers the advanced correlation, application protection, and network defenses to protect today’s hybrid IT infrastructure from sophisticated cyber threats.
| style="width: 200px; |
| [[Image:HP.png |160px| link=http://www.hp.com/ |alt=HP|right]]
|}

=== [http://www.securitypursuit.com/ Security Pursuit] ===

{| style="width: 100%;"
|- valign="top"
| Security Pursuit provides computer security services to help organizations protect their critical information systems. Based in Denver, Colorado, Security Pursuit's services include: IT Security Risk Analysis, Data Breach Incident Response, Network Penetration Testing and Vulnerability Assessments, Website Penetration Testing and Vulnerability Assessments, Wireless Network Security, Social Engineering Prevention, Security Awareness Training, Employee Termination Assistance and Virtual CISO consulting. We have conducted hundreds of security assessments for financial institutions, healthcare providers, retailers, utilities, airports, and municipal governments; many in support of PCI, GLBA, NCUA, and HIPAA compliance requirements. Security Pursuit’s computer security services provide you with a higher level of awareness about the security posture of your organization.
| style="width: 200px; |
| [[Image:SecurityPursuit.png |160px| link=http://www.securitypursuit.com/ |alt=Security Pursuit|right]]
|}

=== [http://www.southseascorp.com/ SouthSeas] ===

{| style="width: 100%;"
|- valign="top"
| Escaping network insecurity means identifying and eliminating vulnerability at each and every level. At South Seas Corporation, we consider the big picture and the finest details of your information technology, from computers to routers to servers and the cabling between, from intranets to the internet, from mobile devices to web applications to remote networks across the globe. We also address administrative issues, including security policy and federal compliance. Of course, your budget is top of mind from the beginning. The end result is a tailored solution designed to secure every byte of information traveling through, to and around your organization at every point, installed by certified experts trained to work hand in hand with your IT department. Take a load off your mind with South Seas Corporation.
| style="width: 200px; |
| [[Image:SouthSeas.png |160px| link=http://www.southseascorp.com/|alt=SouthSeas|right]]
|}

=== [https://www.veracode.com/ Veracode] ===

{| style="width: 100%;"
|- valign="top"
| Today most global enterprises live under the constant threat of being hacked, which begs this critical question – how do they innovate and rapidly release new and improved applications required to be an industry leader while still securing their organizations critical IP and data assets? Before Veracode, application security was widely thought to slow innovation, but not anymore. With the Veracode Platform, application security and innovation can go hand-in-hand. Whether applications are built, brought or outsourced, Veracode’s patented testing technology provides the intelligence needed to quickly secure them from the most common forms of attack.
| style="width: 200px; |
| [[Image:Veracode.png |160px| link=https://www.veracode.com/ |alt=Veracode|right]]
|}

Front Range OWASP Conference 2013/boaf4a

2013-03-29T16:18:45Z

Mark Major:

COTS solutions for secure enterprise architectures

Front Range OWASP Conference 2013/boaf3a

2013-03-29T16:18:05Z

Mark Major:

Access Control

Front Range OWASP Conference 2013/boaf2a

2013-03-29T16:17:07Z

Mark Major:

The modern threatscape: what have you seen?

Front Range OWASP Conference 2013/boaf1a

2013-03-29T16:16:17Z

Mark Major:

DevOps in Cloud environments

Front Range OWASP Conference 2013/Speakers

2013-03-28T05:12:22Z

Mark Major: Added Dan Wilson

{{:Front_Range_OWASP_Conference_2013/Speakers/Brady}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Bravo}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Chan}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Chrastil}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Conklin}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Disney-Leugers}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Feinroth}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Earle}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Glanville}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Jex}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Lelewski}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Manico}}

{{:Front_Range_OWASP_Conference_2013/Speakers/McCoy}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Rojas}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Rose}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Shumway}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Smith}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Weaver}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Willson}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Wilson}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Wolff}}

{{:Front_Range_OWASP_Conference_2013/Speakers/Ziring}}

Front Range OWASP Conference 2013/Speakers/Wilson

2013-03-28T05:11:59Z

Mark Major: Updated with the generic/nobody photo

== Dan Wilson ==

{| style="width: 100%;"
|- valign="top"
| Dan is a managing consultant at IBM Security Services and directs Penetration Testing and Emergency Response Services for IBM in the North Amercian region. Dan's team assists clients in proactively identifying existing security threats to company assets and assists them in developing plans to reduce the risk of and prepare for the handling of cyber-incidents. When incidents do occur, his team will respond 24x7 to assist the client in quickly eliminating the threat.

Dan has been with IBM for 18 years, with 12 years in Information Security. He graduated with a Bachelors degree in Computer Science from Brigham Young University, and has completed an MBA with Regis University. Dan has worked in numerous areas of security at IBM including: Infrastructure security policy and best practices, malware threat prevention, vulnerability management, penetration testing and application security, and incident and forensic response.
| style="width: 200px; |

| [[Image:Noimagen.jpg|160px|alt=Casey Smith|right]]
|}

Front Range OWASP Conference 2013/Speakers/Wilson

2013-03-28T05:10:47Z

Mark Major: Updated the general format

== Dan Wilson ==

{| style="width: 100%;"
|- valign="top"
| Dan is a managing consultant at IBM Security Services and directs Penetration Testing and Emergency Response Services for IBM in the North Amercian region. Dan's team assists clients in proactively identifying existing security threats to company assets and assists them in developing plans to reduce the risk of and prepare for the handling of cyber-incidents. When incidents do occur, his team will respond 24x7 to assist the client in quickly eliminating the threat.

Dan has been with IBM for 18 years, with 12 years in Information Security. He graduated with a Bachelors degree in Computer Science from Brigham Young University, and has completed an MBA with Regis University. Dan has worked in numerous areas of security at IBM including: Infrastructure security policy and best practices, malware threat prevention, vulnerability management, penetration testing and application security, and incident and forensic response.
| style="width: 200px; |
| [[Image:SnowFROC2013_Wilson.jpg|160px|alt=Dan Willson|right]]
|}

Front Range OWASP Conference 2013/Speakers/Wilson

2013-03-28T05:08:56Z

Mark Major: Initial stub

Dan is a managing consultant at IBM Security Services and directs Penetration Testing and Emergency Response Services for IBM in the North Amercian region. Dan's team assists clients in proactively identifying existing security threats to company assets and assists them in developing plans to reduce the risk of and prepare for the handling of cyber-incidents. When incidents do occur, his team will respond 24x7 to assist the client in quickly eliminating the threat.

Dan has been with IBM for 18 years, with 12 years in Information Security. He graduated with a Bachelors degree in Computer Science from Brigham Young University, and has completed an MBA with Regis University. Dan has worked in numerous areas of security at IBM including: Infrastructure security policy and best practices, malware threat prevention, vulnerability management, penetration testing and application security, and incident and forensic response.

User:Mark Major

2013-03-26T23:26:48Z

Mark Major: Added a picture and restructured the format into a simple table

== Mark Major ==

{| style="width: 100%;"
|- valign="top"
| By day Mark works as a cybersecurity engineer and penetration tester for [http://www.aerstone.com Aerstone], and by night he runs the [[Boulder]] OWASP chapter. Current projects are planning [[Front_Range_OWASP_Conference_2013|SnowFROC 2013]] and coordinating an accompanying [[Front_Range_OWASP_Conference_2013#Capture the Flag|CTF competition]].

To learn more about the Boulder Chapter or the CTF project, drop by one of the [http://www.meetup.com/OWASP-Boulder/ free meetings].

To just say 'hey', drop a note to mark dot major at owasp dot org.
| style="width: 200px; |
| [[Image:BOWASP_Major.jpg|160px|alt=Mark Major|right]]
|}

File:BOWASP Major.jpg

2013-03-26T23:19:33Z

Mark Major:

Front Range OWASP Conference 2013/Schedule

2013-03-26T15:40:35Z

Mark Major: Added keynote title

====SnowFROC 2013 schedule====
This schedule is subject to frequent changes as the conference draws nearer.

==CFP Schedule==

Abstract collection will begin January 14th and continue until all speaking slots are filled. Rolling evaluations will occur and selected papers will be announced each Monday beginning on February 11th.

Final presentations of accepted abstracts must be submitted for review by March 17th. Presentations will be delivered during the conference on March 28th.

(See the [[Front_Range_OWASP_Conference_2013#CFP|CFP]] section for additional dates and details.)

==Day of Event Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address: Data Protection for the 21st Century''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)''
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]''
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]''
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates Hate This Legislation''' ''Maureen Donohue Feinroth]]''
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]''
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]''
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
Dan Wilson
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Presentations

2013-03-26T15:37:39Z

Mark Major: Added keynote title and speaker information (in lieu of an abstract)

=='''Keynote Address: 08:30 - 09:30'''==
===Data Protection for the 21st Century===
{{:Front_Range_OWASP_Conference_2013/Speakers/Ziring}}

=='''Session 1: 10:00 - 10:45'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/DevFu}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Chrastil|Danny Chrastil]]

{{:Front_Range_OWASP_Conference_2013/Presentations/SIP}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Disney-Leugers|Greg Disney-Leugers]]

{{:Front_Range_OWASP_Conference_2013/Presentations/BountyHunters}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Rose|Jon Rose]]

{{:Front_Range_OWASP_Conference_2013/Presentations/eDiscovery}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Shumway|Russ Shumway]]

=='''Session 2: 10:55 - 11:40'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/Headers}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Wolff|Zak Wolff]]

{{:Front_Range_OWASP_Conference_2013/Presentations/Malware}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Smith|Casey Smith]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CustomerService}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Rojas|Dan Rojas]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CloudForensics}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]

=='''Session 3: 12:40 - 13:25'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/AngryCars}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]

{{:Front_Range_OWASP_Conference_2013/Presentations/TopTen}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]

{{:Front_Range_OWASP_Conference_2013/Presentations/SaaS}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Earle|Andrew Earle]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CISPA}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Feinroth|Maureen Donohue Feinroth]]

=='''Session 4: 13:35 - 14:20'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/DevOps}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Bravo|Helen Bravo]]

{{:Front_Range_OWASP_Conference_2013/Presentations/XSSdotNET}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Conklin|Larry Conklin]]

{{:Front_Range_OWASP_Conference_2013/Presentations/OpenSAMM}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Jex|Alan Jex]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CSIRP}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Lelewski|Robert Lelewski]]

=='''Session 5: 14:30 - 15:15'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/CloudSec}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Chan|Jason Chan]]

{{:Front_Range_OWASP_Conference_2013/Presentations/ZeroDays}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Brady|Joe Brady]]

{{:Front_Range_OWASP_Conference_2013/Presentations/DesktopAppSec}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/McCoy|Jon McCoy]]

{{:Front_Range_OWASP_Conference_2013/Presentations/InfoEcosystem}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Glanville|Tom Glanville]]

=='''Friday Sessions (3/29): 09:00-13:00'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/SecureCoding}}
 '''Track:''' Training
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CTF_Postmortem}}
 '''Track:''' Testing
 '''Speaker:''' [[User:Mark_Major|Mark Major]]

File:SnowFROC2013 Jex.jpg

2013-03-25T16:30:16Z

Mark Major:

Front Range OWASP Conference 2013/Schedule

2013-03-25T00:53:51Z

Mark Major: Updated final pending sponsor information.

====SnowFROC 2013 schedule====
This schedule is subject to frequent changes as the conference draws nearer.

==CFP Schedule==

Abstract collection will begin January 14th and continue until all speaking slots are filled. Rolling evaluations will occur and selected papers will be announced each Monday beginning on February 11th.

Final presentations of accepted abstracts must be submitted for review by March 17th. Presentations will be delivered during the conference on March 28th.

(See the [[Front_Range_OWASP_Conference_2013#CFP|CFP]] section for additional dates and details.)

==Day of Event Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)''
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]''
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]''
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates This Legislation''' ''Maureen Donohue Feinroth]]''
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]''
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]''
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
Dan Wilson
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Introduction

2013-03-22T23:52:20Z

Mark Major: Updated the Friday training to reflect Aaron Weaver as the instructor instead of Jim Manico.

====Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference====

[[Image:SnowFROC_Register.png|256px |link=http://www.cvent.com/d/dcqr8m |alt=Click here to register |Register]]

The Colorado OWASP chapters are proud to present the 5th annual SnowFROC. Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training, and Birds-of-a-Feather (BoaF) sessions. The SnowFROC 2013 keynote speaker is Neal Ziring, Technical Director of InfoProtection at NSA.

The conference will occur on Thursday, March 28th at the [[Front_Range_OWASP_Conference_2013#Venue | Denver Marriott City Center]] and will feature four primary tracks:
*High-Level Technical
*Deep-Dive / Hands-on Technical
*Management
*Legal

Running in parallel to the conference proceedings will be a capture the flag (CTF) hacking competition developed exclusively for SnowFROC by Boulder OWASP chapter members. The day will conclude with a moderated panel discussion featuring top industry leaders.

On Friday, March 29, [[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]] will teach a course in secure coding. '''This training is free to SnowFROC attendees!'''

Friday will also offer BoaF sessions. Join like-minded industry leaders and discuss pressing issues facing the industry and you. BoaF sessions are self-lead and may address and issue you would like. Pitch your idea and get the ball rolling!

Finally, Friday will feature a postmortem of the CTF tournament. In addition to discussing solutions, techniques, and tools, we will encourage participants to attack the previously out-of-bounds CTF framework. Itching to break into the scoreboard and rack up the points? The gloves come off Friday morning.

==Conference Committee==
[[User:Mark_Major|Mark Major]]: Director

[[User:Brad_Carvalho|Brad Carvalho]]: Sponsorship, Executive events
 [[User:Craig_Klosterman|Craig Klosterman]]: Merchandise
 [[User:Steve_Kosten|Steve Kosten]]: Sponsorship, Executive events
 [[User:Glen Matthes|Glen Matthes]]: Planning
 [[User:Chris_Rossi|Chris Rossi]]: CTF, Networking events
 [[User:Greg_Foss|Greg Foss]]: CTF

==Colorado Chapter Hosts==
[[Boulder|OWASP Boulder chapter]]: [[User:Mark_Major|Mark Major]]
 [[Denver|OWASP Denver chapter]]: [[User:Steve_Kosten|Steve Kosten]], [[User:Brad_Carvalho|Brad Carvalho]] (acting)

Front Range OWASP Conference 2013/Schedule

2013-03-22T18:24:07Z

Mark Major: Added David Willson to the panel discussion

====SnowFROC 2013 schedule====
This schedule is subject to frequent changes as the conference draws nearer.

==CFP Schedule==

Abstract collection will begin January 14th and continue until all speaking slots are filled. Rolling evaluations will occur and selected papers will be announced each Monday beginning on February 11th.

Final presentations of accepted abstracts must be submitted for review by March 17th. Presentations will be delivered during the conference on March 28th.

(See the [[Front_Range_OWASP_Conference_2013#CFP|CFP]] section for additional dates and details.)

==Day of Event Schedule==
 

{| style="width:95%; border-collapse:collapse;" border="1" align="right"
! style="width:10%; border-left: 1px solid white; border-top: 1px solid white;" | '''Thu, Mar 28'''
! style="width:19%; border-bottom: 1px solid black; background:#E8D0A9" align="center" | Technical Track
! style="width:19%; border-bottom: 1px solid black; background:#DFC184" align="center" | Deep-Dive Track
! style="width:19%; border-bottom: 1px solid black; background:#F2F2F2" align="center" | Management Track
! style="width:19%; border-bottom: 1px solid black; background:#B7AFA3" align="center" | Legal Track
| style="border-right: 1px solid white; border-top: 1px solid white;" align="center" rowspan="5" |
|-
| style="background:#024C68; color:white" align="center" | 07:00-08:30
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Registration and Morning Snacks''' ''Sponsored by [http://www.hpenterprisesecurity.com.com '''HP''']''
|-
| style="background:#024C68; color:white" align="center" | 08:00-08:15
| colspan="4" style="background:#E0E0E0" align="center" | '''Welcome and Kick-off''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 08:15-08:30
| colspan="4" style="background:#E0E0E0" align="center" | '''State of OWASP''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 08:30-09:30
| colspan="4" style="background:#E0E0E0" align="center" | '''Keynote Address''' ''[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]], Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)''
|-
| style="background:#024C68; color:white" align="center" | 09:30-10:00
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' Coffee provided by [SPONSORSHIP AVAILABLE]
| style="background:#C1DAD6" align="center" | '''CTF Kick-off''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 10:00-10:45
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech1|'''DevFu: The inner ninja in every application developer''' ''Danny Chrastil'']]
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Tech2|'''SIP Based Cloud Instances''' ''Gregory Disney-Leugers]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt1|'''Digital Bounty Hunters - Decoding Bug Bounty Programs''' ''Jon Rose]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess1_Mgmt2|'''Electronic Discovery for System Administrators''' ''Russell Shumway]]''
| style="background:#C1DAD6" align="center" rowspan="9" | [[Front_Range_OWASP_Conference_2013/CTF|'''CTF''']] ''Sponsored by [https://aerstone.com '''Aerstone''']''
|-
| style="background:#024C68; color:white" align="center" | 10:55-11:40
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech1|'''Adventures in Large Scale HTTP Header Abuse''' ''Zachary Wolff]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Tech2|'''How Malware Attacks Web Applications''' ''Casey Smith]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt1|'''Linking Security to Business Value in the Customer Service Industry''' ''Dan Rojas]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess2_Mgmt2|'''Legal Issues of Forensics in the Cloud''' ''David Willson]]''
|-
| style="background:#024C68; color:white" align="center" | 11:40-12:40
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Lunch and Sponsor Expo''' Lunch provided by [SPONSORSHIP AVAILABLE]
|-
| style="background:#024C68; color:white" align="center" | 12:40-13:25
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech1|'''Angry Cars: Hacking the "Car as Platform"''' ''Aaron Weaver]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Tech2|'''Top Ten Web Application Defenses''' ''Jim Manico]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt1|'''Using SaaS and the Cloud to Secure the SDLC''' ''Andrew Earle]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess3_Mgmt2|'''CISPA: Why Privacy Advocates This Legislation''' ''Maureen Donohue Feinroth]]''
|-
| style="background:#024C68; color:white" align="center" | 13:35-14:20
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech1|'''DevOps and Security: It's Happening. Right Now.''' ''Helen Bravo]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech2|'''A Demo of and Preventing XSS in .NET Applications''' ''Larry Conklin]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt1|'''Measuring Security Best Practices With OpenSAMM''' ''Alan Jex]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Mgmt2|'''Crafting a Plan for When Security Fails''' ''Robert Lelewski]]''
|-
| style="background:#024C68; color:white" align="center" | 14:30-15:15
| style="background:#E8D0A9" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess4_Tech1|'''Real World Cloud Application Security''' ''Jason Chan]]''
| style="background:#DFC184" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Tech2|'''Data Mining a Mountain of Zero Day Vulnerabilities''' ''Joe Brady]]''
| style="background:#F2F2F2" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt1|'''Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)''' ''Jon McCoy]]''
| style="background:#B7AFA3" align="center" | [[Front_Range_OWASP_Conference_2013/Sessions/Sess5_Mgmt2|'''Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem''' ''Tom Glanville]]''
|-
| style="background:#024C68; color:white" align="center" | 15:15-15:45
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break and Sponsor Expo''' Coffee provided by [SPONSORSHIP AVAILABLE]
|-
| style="background:#024C68; color:white" align="center" | 15:45-16:45
| colspan="4" style="background:#E0E0E0" align="center" | '''Moderated Panel Discussion''' ''
[[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]
[[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]
Dan Wilson
[[Front_Range_OWASP_Conference_2013/Speakers/Ziring|Neal Ziring]]
Moderator: [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]''
|-
| style="background:#024C68; color:white" align="center" | 16:45-17:00
| colspan="4" style="background:#E0E0E0" align="center" | '''Closing Statements''' ''[[User:Brad_Carvalho|Brad Carvalho]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 17:00-
| colspan="4" style="background:#E0E0E0" align="center" | '''Sponsor Raffles, Drawings, and Contests'''
| style="background:#C1DAD6" align="center" | '''CTF Wrap-Up''' ''[[User:Chris_Rossi|Chris Rossi]], [[User:Mark_Major|Mark Major]]''
|-
| style="background:#024C68; color:white" align="center" | 19:00-22:00+
| colspan="4" style="background:#AEBEC3; color:#024C68" align="center" | '''After-party at [http://denverpoolhall.com/ Tarantula Billiards]''' ''Sponsored by [https://www.appliedtrust.com '''AppliedTrust''']'' ''Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)''
| style="background:#C1DAD6" align="center" | '''Awards Ceremony''' ''at [http://denverpoolhall.com/ Tarantula]'' (20:00)
|-
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white; border-top: 1px solid black;" | 
| style="border-left: 1px solid white; border-right: 1px solid white;" colspan="4" |
| style="border-left: 1px solid white; border-right: 1px solid white; border-bottom: 1px solid white" |
|-
! style="border-left: 1px solid white; border-top: 1px solid white;" | '''Fri, Mar 29'''
! style="border-bottom: 1px solid black; background:#E8D0A9" align="center" | Training
! style="border-bottom: 1px solid black; background:#DFC184" align="center" | Birds of a Feather: A
! style="border-bottom: 1px solid black; background:#F2F2F2" align="center" | Birds of a Feather: B
! style="border-bottom: 1px solid black; background:#B7AFA3" align="center" | Capture the Flag
| style="border-right: 1px solid white; border-bottom: 1px solid white;" rowspan="6" |
|-
| style="width:10%; background:#024C68; color:white" align="center" | 09:00-9:45
| style="width:20%; background:#E8D0A9" align="center" rowspan="5" | [[Front_Range_OWASP_Conference_2013/Sessions/Training | '''Training: Secure Coding''' ''Aaron Weaver'']]
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1a}} ''([[Front_Range_OWASP_Conference_2013/boaf1a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf1b}} ''([[Front_Range_OWASP_Conference_2013/boaf1b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF VM
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:00-10:45
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2a}} ''([[Front_Range_OWASP_Conference_2013/boaf2a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf2b}} ''([[Front_Range_OWASP_Conference_2013/boaf2b|edit]])''
|-
| style="width:10%; background:#024C68; color:white" align="center" | 10:45-11:15
| colspan="3" style="background:#AEBEC3; color:#024C68" align="center" | '''Coffee Break''' Provided by [SPONSORSHIP AVAILABLE]
|-
| style="width:10%; background:#024C68; color:white" align="center" | 11:15-12:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3a}} ''([[Front_Range_OWASP_Conference_2013/boaf3a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf3b}} ''([[Front_Range_OWASP_Conference_2013/boaf3b|edit]])''
| style="width:20%; background:#B7AFA3" align="center" rowspan="2" | FLOSSHack: CTF Scoreboard
|-
| style="width:10%; background:#024C68; color:white" align="center" | 12:15-13:00
| style="width:20%; background:#DFC184" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4a}} ''([[Front_Range_OWASP_Conference_2013/boaf4a|edit]])''
| style="width:20%; background:#F2F2F2" align="center" | {{:Front_Range_OWASP_Conference_2013/boaf4b}} ''([[Front_Range_OWASP_Conference_2013/boaf4b|edit]])''
|}

Front Range OWASP Conference 2013/Presentations

2013-03-22T16:09:05Z

Mark Major:

=='''Session 1: 10:00-10:45'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/DevFu}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Chrastil|Danny Chrastil]]

{{:Front_Range_OWASP_Conference_2013/Presentations/SIP}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Disney-Leugers|Greg Disney-Leugers]]

{{:Front_Range_OWASP_Conference_2013/Presentations/BountyHunters}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Rose|Jon Rose]]

{{:Front_Range_OWASP_Conference_2013/Presentations/eDiscovery}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Shumway|Russ Shumway]]

=='''Session 2: 10:55-11:40'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/Headers}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Wolff|Zak Wolff]]

{{:Front_Range_OWASP_Conference_2013/Presentations/Malware}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Smith|Casey Smith]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CustomerService}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Rojas|Dan Rojas]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CloudForensics}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Willson|David Willson]]

=='''Session 3: 12:40-13:25'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/AngryCars}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]

{{:Front_Range_OWASP_Conference_2013/Presentations/TopTen}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Manico|Jim Manico]]

{{:Front_Range_OWASP_Conference_2013/Presentations/SaaS}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Earle|Andrew Earle]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CISPA}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Feinroth|Maureen Donohue Feinroth]]

=='''Session 4: 13:35-14:20'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/DevOps}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Bravo|Helen Bravo]]

{{:Front_Range_OWASP_Conference_2013/Presentations/XSSdotNET}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Conklin|Larry Conklin]]

{{:Front_Range_OWASP_Conference_2013/Presentations/OpenSAMM}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Jex|Alan Jex]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CSIRP}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Lelewski|Robert Lelewski]]

=='''Session 5: 14:30-15:15'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/CloudSec}}
 '''Track:''' Technical
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Chan|Jason Chan]]

{{:Front_Range_OWASP_Conference_2013/Presentations/ZeroDays}}
 '''Track:''' Deep Dive
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Brady|Joe Brady]]

{{:Front_Range_OWASP_Conference_2013/Presentations/DesktopAppSec}}
 '''Track:''' Management
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/McCoy|Jon McCoy]]

{{:Front_Range_OWASP_Conference_2013/Presentations/InfoEcosystem}}
 '''Track:''' Executive/Legal
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Glanville|Tom Glanville]]

=='''Friday Sessions (3/29): 09:00-13:00'''==
{{:Front_Range_OWASP_Conference_2013/Presentations/SecureCoding}}
 '''Track:''' Training
 '''Speaker:''' [[Front_Range_OWASP_Conference_2013/Speakers/Weaver|Aaron Weaver]]

{{:Front_Range_OWASP_Conference_2013/Presentations/CTF_Postmortem}}
 '''Track:''' Testing
 '''Speaker:''' [[User:Mark_Major|Mark Major]]