OWASP - User contributions [en]

Cleveland

2014-02-27T14:48:38Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation:

''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies''''''

By: Bill Sempf (@sempf)

While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-27T14:48:22Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation:

''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies''''''

By: Bill Sempf (@sempf)
While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-27T14:47:26Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation:

''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies''''''

While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-27T14:47:02Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation:

''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies''''''
While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-27T14:45:46Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies''''''
While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-27T14:44:59Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA''''''Information Disclosure: Looking Beyond Vulnerabilities to Freebies'''
While the application security community is focused on tools that test for various vulnerabilities, your servers, developers and organization could be giving out valuable details that just makes an attacker's job so much easier - free information. No vulnerability scanner will find the Stack Overflow post with admin credentials, or the 'hidden' file with a test account, or that obscure error message that makes your database barf. Bill will take you through hands on testing that you can try today: finding out about what your applications, servers, networks, and people are telling attackers about your innermost secrets.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-20T16:17:10Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-2:00pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:58:57Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Courtney Satink - [mailto:csatink@securestate.com csatink@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:55:51Z

Mfranko: /* Past Events: */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

---------------------------------

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

---------------------------------

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

---------------------------------

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

---------------------------------

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:55:03Z

Mfranko: /* Past Events: */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:54:25Z

Mfranko: /* Past Events: */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Chris Clymer - Wednesday, January 8th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of January's Presentation, ''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'', is available '''[http://engage.securestate.com/owasp-cleveland-registration HERE]'''

'''''Abstract:'''''
The recent problems with Healthcare.gov highlight the fact that many organizations still struggle to secure applications they develop. During this talk, SecureState will take an apolitical approach to looking at what lessons can be learned from the Healthcare.gov rollout and how these lessons can be applied to software you are developing. During this talk, SecureState will use firsthand experience gained from helping a state based health exchange become operational and compliant to the various federal security standards, as well as public information on the security challenges the national exchange faces.

'''''Speaker Bios:'''''
Chris Clymer - As the Manager of SecureState’s Advisory Services practice, Chris Clymer works on the design and management of Security Programs as clients’ Security Program Manager (SPM). Chris’s core strengths of developing complex strategies and establishing specific priorities are keys to his ability to provide expert advisory leadership to clients looking to him for guidance. His expertise at defining objectives and conducting in-depth research also serves him well in this capacity. Chris questions frequently and thoroughly, initiates innovation, and improvises solutions – all valuable skills for leading our Advisory Services practice. Chris holds several industry certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Penetration Tester (GWAPT), and provisional ISO 27001 Auditor.

Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:48:30Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next OWASP Cleveland Chapter Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2014-02-19T18:47:58Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Thursday, April 10th from 11:30am-1pm at Hyland Software! '''[http://engage.securestate.com/owasp-cleveland-registration-04102014 RSVP HERE]'''

'''
Join Us April 10th for Lunch, Networking, and our Featured Presentation: ''''''TBA'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:38:22Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''''''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:38:08Z

Mfranko: /* Past Events: */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''''''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:37:49Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''''''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'''''' '''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:36:43Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''''''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'''''' '''

'''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:35:57Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'' '''

'''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:35:37Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''
'''
Join Us January 8th for Lunch, Networking, and our Featured Presentation: ''Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments'' '''

'''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:32:49Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''
'''
Join Us for Lunch, Networking, and our Featured Presentation: Lessons Learned from HealthCare.gov - Integrating Security into Complex Software Deployments '''

'''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:31:20Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://engage.securestate.com/owasp-cleveland-registration RSVP HERE]'''

''''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-12-17T16:30:37Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! '''[http://http://engage.securestate.com/owasp-cleveland-registration HERE]'''

''''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-11-27T19:47:35Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
The Next Cleveland Chapter OWASP Meeting is scheduled for Wednesday, January 8th from 12pm-2pm at SecureState Headquarters! Additional Details and RSVP page to follow'''

''''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-05-03T15:49:53Z

Mfranko: /* Upcoming Meetings */

{{Chapter Template|chaptername=Cleveland|extra=The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-cleveland|emailarchives=http://lists.owasp.org/pipermail/owasp-cleveland}}

== Upcoming Meetings ==

'''
Thank you to everyone who joined us for the Cleveland Chapter OWASP Meeting on April 29th at Hyland Software!'''

Video of April's Presentation, ''Threat Modeling - The First Step in Secure Application Development'', is available '''[http://marketing.securestate.com/owasp-cleveland---meeting-registration HERE]'''

Information for our next meeting will be posted HERE as it comes available.

''''''Would you like to speak at an OWASP Cleveland Meeting?''''''
If we haven't approached you, but you believe you have new research that the security community would enjoy hearing about, we invite you to submit your presentation topic for consideration.

This chapter is dedicated to bringing together local businesses, students, and web and security enthusiasts in order to discuss current events, trends, tools, and offensive/defensive techniques related to web application security.

To speak at upcoming OWASP Cleveland meeting or suggest a speaker, please submit your ideas via email to Michael Wilt- [mailto:mwilt@securestate.com mwilt@securestate.com]

== '''Past Events:''' ==
Matt Neely & Tom Eston - Monday, April 29th from 11:00am - 2:00pm

'''Presentation: "Threat Modeling - The First Step in Secure Application Development"'''

'''''Abstract:'''''
Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues security needs to be integrated into the software development life cycle (SDLC) used by the developers. When developing an application in a secure manner threat modeling is an important but often forgotten first step.

This talk will start out an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real world examples vulnerabilities found in many of the top 25 downloaded apps found in the Apple App Store and Google Play will be covered.

'''''Speaker Bios:'''''
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team which focuses on imagining, researching and developing methodologies and tools that will solve industry related issues. In addition to Matt’s technical background, his strong understanding of business processes and organizational structure allow him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, Defcon, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.

Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers that provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and is a frequent speaker at security user groups and worldwide conferences including Black Hat, DEFCON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.

Joe Kuemerle - Tuesday, December 18th from Noon – 2 p.m.

'''Presentation: Reverse Engineering .NET and Java'''

'''''Abstract:'''''
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. Enjoy a demo filled session on how easy it is to extract information from virtually any .NET or Java application.

'''''Speaker Bio:'''''
Kuemerle is a developer and speaker in the Cleveland, OH area specializing in .NET development, security, data base and application lifecycle topics. He is currently a Lead Developer at BookingBuilder Technologies and is active in the technical community as well as a speaker at local, regional and national events.

Kevin Johnson - Tuesday, March 22nd Noon – 2pm

'''Presentation:'''“Ninja Developers: Application Security Testing and Your SDLC.”'''

'''''Abstract:'''''
The security of enterprise software is one of the key risks organizations can start to control today. As new applications are developed and legacy software is updated, incorporating a measure of security testing can be one of the most critical ways to positively impact an organizations security posture. To properly validate the security of enterprise applications a 3rd party penetration test or assessment may be enlisted - but the cost of testing each application quickly makes this impractical. This situation presents a challenging problem.

Kevin Johnson will explain how your development staff can incorporate techniques distilled from years of experience into your organization's development and release methodology. Whether you're using Agile, RUP or Google programming, these tips and tricks will enable your developers to produce higher quality, more secure code right from the start. Kevin will reveal some of the secrets of the masters learned from experience and industry leadership over the past decade - and show you how you can insert security into your software development lifecycle with minimal disruption and maximum effectiveness.

'''''Speaker Bio:'''''
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking.

==== Chapter Meetings ====
To join the chapter mailing list, please visit our [http://lists.owasp.org/mailman/listinfo/owasp-cleveland mailing list] homepage. The list is used to discuss the meetings and to arrange meeting locations. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.

Our chapter is sponsored by [http://www.securestate.com/ SecureState].

==== Cleveland OWASP Chapter Leaders ====
The chapter leader is [mailto:kstasiak@securestate.com Ken Stasiak]
__NOTOC__
<headertabs/>

[[Category:OWASP Chapter]]
[[Category:Ohio]]

Cleveland

2013-04-30T17:23:47Z

Mfranko: /* Past Events: */

Cleveland

2013-04-30T17:21:58Z

Mfranko: /* Past Events: */

Cleveland

2013-04-30T17:20:47Z

Mfranko: /* Past Events: */

Cleveland

2013-04-30T17:19:22Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-18T16:57:05Z

Mfranko:

Cleveland

2013-04-18T16:55:38Z

Mfranko:

Cleveland

2013-04-03T20:29:23Z

Mfranko:

Cleveland

2013-04-03T20:28:40Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:26:35Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:25:02Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:24:36Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:22:02Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:21:24Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:01:51Z

Mfranko: /* Upcoming Meetings */

Cleveland

2013-04-03T20:01:06Z

Mfranko:

Cleveland

2013-01-29T21:05:53Z

Mfranko: /* Upcoming Meetings */

Cleveland

2012-12-19T17:24:41Z

Mfranko:

Cleveland

2012-12-19T17:23:43Z

Mfranko:

Cleveland

2012-12-19T17:21:35Z

Mfranko: /* Past Events: */

Cleveland

2012-12-19T17:21:16Z

Mfranko: /* Past Events: */

Cleveland

2012-12-19T17:20:55Z

Mfranko:

Cleveland

2012-12-19T17:20:01Z

Mfranko:

Cleveland

2012-12-19T17:19:27Z

Mfranko:

Cleveland

2012-11-29T22:18:16Z

Mfranko:

Cleveland

2012-11-29T22:17:36Z

Mfranko:

Cleveland

2012-11-29T22:16:56Z

Mfranko: