OWASP - User contributions [en]

Bay Area

2017-06-01T00:00:34Z

MichaelCoates: /* Our next event */ Updated events and leaders

= Bay Area Chapter Board =
Interested in finding out more? Will contact your with information on the first in person chapter board discussion in San Francisco

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit http://www.meetup.com/Bay-Area-OWASP/ for all chapter event information.

== Our next event ==
We hold regular events across the OWASP Bay Area.

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*Travis McPeak - Chapter Leader
*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* William Bengtson
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

May 9, 2017

2017-05-09T17:06:34Z

MichaelCoates:

Meeting Location:

'''VIRTUAL'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

Face to face meeting held in EWART room at the Belfast Hilton

'''AGENDA'''
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]

REPORTS
[https://drive.google.com/a/owasp.org/file/d/0BxI4iTO_QojvWFZTbFJ4SFEwX1hYUDNpSDYya3dZR2drOW9R/view?usp=sharing March 2017 Board Financial Summary]

[https://drive.google.com/a/owasp.org/file/d/0BxI4iTO_Qojva19fV2tueUlrWTFoX2tDMVpFR0FWR2g2TDk0/view?usp=sharing March 2017 Summary Balance Sheet with Ratios]

OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] A link to the monthly operational report can be found here: [https://owasp.blogspot.com/2017/05/owasp-operations-update-for-may-2017_5.html REPORT]

OLD BUSINESS

Affirmation of actions from last meeting [https://www.owasp.org/index.php/Board recorded material, votes and actions] [Board]
NEW BUSINESS
* Community correspondence [Tom Brennan]
* [https://docs.google.com/document/d/1T7xJ35isxZDGxJbF1eVwpzAdkkD0Prwszy1kstxgZeU/edit Proposal to have Foundation run AppSecs]. [Matt Konda]
* Chapters guidance [TJ]
* Executive Director Search [Johanna Curiel]
* AppSec Global Events [Tom Brennan]

* OWASP Summit request for 85K USD to get extra people to the summit and have a professional operations team in place (see email 8-May-2017). (Seba, Dinis, Francois)
* Owasp learning gateway $100k full time staff. - Hire full time staff member to build out the learning gateway. [https://docs.google.com/document/d/1fGDmxz7cuEkr_xMt_kp6Nb0uacQhvJ_9ymjYR77yqkk/edit]
* Owasp grant initiative $100k full time staff - Hire full time grant writer to work on grants for OWASP. [https://docs.google.com/document/d/1szWjXG_grUHZJryD_45XeC3DJF1qOifQjQRZxEJ5znY/edit]
* OWASP BLT development and marketing $5k, (12 monthly prizes of $100, $1200 + development) [https://docs.google.com/document/d/1aNyq43_gHq8cKMDGtlqTC6H-pv71lH7mNsMgg1WPpy4/edit]
* Owasp project kickstart. $10k - $100 to 100 projects to use Coderbounty on 2-5 of their Github tasks to get coding done. [https://docs.google.com/document/d/1ogGUjtHiSimzrnnXnEeCsAHn0qtAJ56S6cD7q_swlK4/edit]
* Owasp innovation lab $250k [https://docs.google.com/document/d/1J4lBJabLu8YWX6sDgwmGnfDP7tI2OVIH1jmkRnKyKrs/edit]
* Grant engine / Spurri $50k - development [https://docs.google.com/document/d/1payALh8RjuKAXi30m56hUiXgTzgYhuXm8B3QVqo1whU/edit]
* OWASP Hackathon sponsor $5k sponsor a hackathon with prizes and food for 2017 focused on OWASP [https://docs.google.com/document/d/13wCZgLugpjJS-5WcH3zn-n9ADZRke3GhNEP7EvjNi6Q/edit]
* Fundraiser events / membership drive $300 per month $3,600 - Have a monthly membership drive / fundraiser, $300 for food and drinks.[https://docs.google.com/document/d/1mZGhTo_tD_Ap-K-4qkI2sj8t8hPafzi6XVyVBrZ9Oac/edit]
* Volunteer portal project $50k - development of website.[https://docs.google.com/document/d/11o01Vw7tD6L9WKFIGmS8SKFr575V-aVUhNs61q1NORQ/edit]
* $30k for APAC tour $10k stipend for leaders Send 3 people with $10k stipend each. [https://docs.google.com/document/d/11o01Vw7tD6L9WKFIGmS8SKFr575V-aVUhNs61q1NORQ/edit]
* OWASP Mentor Initiative with HQ NY $6,000 [https://docs.google.com/document/d/1FS50Z9KUb-GKUG3GEMLfGT9SBxg6UfUuRiymO6ASqnQ/edit]
* OWASP Organizational Development Initiative with HQ Brooklyn $50,000 [https://docs.google.com/document/d/15kDHJRMkXIep27oB9YKLV7k51ErbafY5y8JKuc5g_f0/edit]
'''<u>OWASP ByLaw Update Proposal [JS]</u>'''

ByLaw amendment created by Josh Sokol, Bil Corry, and Jason Li. Update [https://www.owasp.org/index.php/OWASP_Foundation_ByLaws Section 3.03 of the OWASP ByLaws] to read:

... Attendance in person or virtually by board members is required at no less than 75% of the total meetings each year and shall be highly encouraged to meet in person at least once annually at a date to be announced and agreed upon. '''To be considered as "attended", the board member must attend at least 90% of the meeting, starting at the published scheduled time until the published end time or the meeting is adjourned (whichever is earlier).''' Attendance is tabulated by the Executive Director or delegate within seven days after every scheduled meeting for the purpose of determining if the 75% attendance requirement has been met, and the tabulation is based upon the entire calendar year. ...

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

OWASP AppSensor Project

2017-04-23T06:31:32Z

MichaelCoates: Fixed broken external link

=Main=

<div style="width:100%;height:120px;border:0,margin:0;overflow: hidden;">[[File:Appsensor-header.jpg|link=]]</div>
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=OWASP_Project_Stages#tab=Flagship_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== OWASP AppSensor ==

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement [https://www.owasp.org/index.php/ApplicationLayerIntrustionDetection intrusion detection and automated response] into applications.

The project offers a comprehensive guide and a reference implementation. These resources can be used by architects, developers, security analyst and system administrators to plan, implement and monitor an AppSensor system.

== Introduction ==

If you walk into a bank and try opening random doors, you will be identified, led out of the building and possibly arrested. However, if you log into an online banking application and start looking for vulnerabilities no one will say anything. This needs to change! As critical applications continue to become more accessible and inter-connected, it is paramount that critical information is sufficiently protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application.

In addition to implementing layers of defense within an application, we must identify malicious individuals before they are able to identify any gaps in our defenses. The best place to identify malicious activity against the application is within the application itself. Network based intrusion detection systems are not appropriate to handle the custom and intricate workings of an enterprise application and are ill-suited to detect attacks focusing on application logic such as authentication, access control, etc. This project delivers a framework which can be used to build a robust system of attack detection, analysis, and response within an enterprise application.

== Detect and Respond to Attacks from Within the Application ==

=== Detection ===
AppSensor defines over 50 different detection points which can be used to identify a malicious attacker.
=== Response===
AppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described.
===Defending the Application===
An attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.

==Citations==

* [http://www.crosstalkonline.org/ CrossTalk], The Journal of Defense Software Engineering
** Creating Attack-Aware Software Applications with Real Time Defenses, Vol. 24, No. 5, Sep/Oct 2011

* Norwegian University of Science and Technology in Tronheim
** [https://brage.bibsys.no/xmlui/handle/11250/252956 AppSensor: Attack-Aware Applications Compared Against a Web Application Firewall and an Intrusion Detection System], Thomassen P, 2012

*US Department of Homeland Security
** [https://buildsecurityin.us-cert.gov/swa/topics/resilient-software/ Resilient Software]
** [https://buildsecurityin.us-cert.gov/swa/resources Software Assurance Resources]

==Licensing==
OWASP AppSensor is free to use.

=== Guide ===
The guide is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

=== Reference Implementation ===
The reference implementation is licensed under the [http://opensource.org/licenses/MIT MIT License], which is a permissive (commercial-friendly) license only requiring you to include a copy of the license upon distribution or copying.

© OWASP Foundation

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is AppSensor? ==

Detect and respond to attacks from within the application. This project includes both a well documented idea (the Guide) and a reference implementation (the Code).

== Intro for Developers ==

[[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]]

[https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf Two-sided US Letter or A4]

== AppSensor Website ==

[[File:Appsensor-website-small.jpg|link=http://appsensor.org/]]

See the [http://appsensor.org/ AppSensor website] for an introduction and quick start instructions.

== Overview ==

[[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]]

[https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf 12-page US Letter booklet]

== Project Founder ==

* [https://www.owasp.org/index.php/User:MichaelCoates Michael Coates] [mailto:michael.coates@owasp.org @]

== Project Leaders ==

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves] [mailto:dennis.groves@owasp.org @]
* [https://www.owasp.org/index.php/User:John_Melton John Melton] [mailto:john.melton@owasp.org @]
* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] [mailto:colin.watson@owasp.org @]

== Related Projects ==

* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set]]

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* OWASP AppSensor Guide v2 EN
** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF]
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC]
** [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-21608107.html Hard copy]
* OWASP AppSensor Reference Implementation
** [https://github.com/jtmelton/appsensor v2 Code]

== News and Events ==

* [25 Sep 2015] [http://appsecusa2015.sched.org/event/09495faf5cced352cb4a2acc16ce9158#.VaOSoHhfk2w Presentation] at AppSec USA 2015
* [27 Jul 2015] [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc AppSensor Guide v2.0.2] published
* [09 Jun 2015] AppSensor Code v2.1.0 [https://github.com/jtmelton/appsensor/releases/tag/v2.1.0 released]
* [20 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Code
* [19 May 2015] Working session at [http://2015.appsec.eu/project-summit/ OWASP Project Summit] - Documentation
* [09 Apr 2015] [https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf CISO Briefing] booklet published
* [22 Feb 2015] Proposal for [https://www.owasp.org/index.php/GSoC2015_Ideas#OWASP_AppSensor Google Summer of Code 2015]
* [13 Feb 2015] [https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf Introduction for Developers] flyer published
* [13 Feb 2015] AppSensor project awarded OWASP flagship status
* [28 Jan 2015] AppSensor Code v2.0.0 final [https://github.com/jtmelton/appsensor/releases/tag/v2.0.0 released]

== Code Repository ==
* AppSensor v2 https://github.com/jtmelton/appsensor (Current)
* Note: LEGACY AppSensor v1 https://code.google.com/p/appsensor/

== In Print ==

[[File:AppSensor2_small.jpg|link=]]

The [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-22290600.html AppSensor Guide] and [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html CISO Briefing] can be purchased at cost as print on demand books.

==Classifications==

{| cellpadding="2" width="200"
|-
| rowspan="2" align="center" width="50%" valign="top" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" width="50%" valign="top" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" width="50%" valign="top" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

= Acknowledgements =

== Volunteers ==

All OWASP projects rely on the voluntary efforts of people in the software development and information security sectors. They have contributed their time and energy to make suggestions, provide feedback, write, review and edit documentation, give encouragement, make introductions, produce demonstration code, promote the concept, and provide OWASP support. They participated via the project’s mailing lists, by developing code, by updating the wiki, by undertaking research studies, and through contributions during the AppSensor working session at the OWASP Summit 2011 in Portugal and the AppSensor Summit at AppSec USA 2011. Without all their efforts, the project would not have progressed to this point, and this guide would not have been completed.

{| cellpadding="2"
|-
| align="left" width="200" valign="top" |

*Josh Amishav-Zlatin
*Ryan Barnett
*Simon Bennetts
*Joe Bernik
*Rex Booth
*Luke Briner
*Rauf Butt
*Juan C Calderon
*Fabio Cerullo
*Marc Chisinevski
*Robert Chojnacki
*Michael Coates
*Dinis Cruz
*Sumanth Damaria
*August Detlefsen
*Ryan Dewhurst
*Sean Fay

| align="left" width="200" valign="top" |

*Timo Goosen
*Dennis Groves
*Randy Janida
*Chetan Karande
*Eoin Keary
*Alex Lauerman
*Junior Lazuardi
*Benjamin-Hugo LeBlanc
*Jason Li
*Manuel López Arredondo
*Bob Maier
*Jim Manico
*Sherif Mansour Farag
*John Melton
*Mark Miller
* Rich Mogull
*Craig Munson

| align="left" width="200" valign="top" |

*Louis Nadeau
*Giri Nambari
*Erlend Oftedal
*Jay Reynolds
*Chris Schmidt
*Sahil Shah
*Eric Sheridan
*John Steven
*Raphael Taban
*Alex Thissen
*Don Thomas
*Christopher Tidball
*Stephen de Vries
*Kevin W Wall
*Colin Watson
*Mehmet Yilmaz

|}

==OWASP Summer of Code 2008==
The AppSensor Project was initially supported by the [https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008], leading to the publication of the book AppSensor v1.1.

==Google Summer of Code 2012==
Additional development work on [http://www.google-melange.com/gsoc/project/google/gsoc2012/edil/60002 SOAP web services] was kindly supported by the [http://www.google-melange.com/gsoc/program/home/google/gsoc2012 Google Summer of Code 2012].

==OWASP Code Sprint 2015==
Development work was also supported by the [https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWASP Summer Code Sprint 2015].

== Other Acknowledgements ==
The project has also benefitted greatly from the generous contribution of time and effort by many volunteers in the OWASP community including those listed above, and contributors to the OWASP ESAPI project, members of the former OWASP Global Projects Committee, the OWASP Board, OWASP staff and support from the OWASP Project Reboot initiative. The v2 code and documentation were conceived during the AppSensor Summit held during AppSec USA 2011 in Minneapolis.

= Road Map and Getting Involved =

Please join the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:
* [https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project General project]
* [https://lists.owasp.org/mailman/listinfo/owasp-appsensor-dev Code development]

== Current activities ==

=== Non code ===

* Update AppSensor Guide to keep in step with code changes and improvements to ideas ([http://lists.owasp.org/pipermail/owasp-appsensor-project/2015-February/000855.html see discussion and editable list of changes])
* Create demo
* Develop training materials

=== v2 Code ===

The current code being worked on is located on [https://github.com/jtmelton/appsensor GitHub]

The code has been fully rewritten.
v2.0.0 final was released in late January 2015.
v2.1.0 final was released in June 2015.
v2.2.0 final was released in September 2015

The main reason for the rewrite was to allow a client-server style model as opposed to requiring AppSensor be fully embedded in the application. You can now have a central server collecting events from multiple applications and performing analysis. These front-end applications can be in any language as long as they speak rest/soap. There's been a host of other changes, but this was the primary one. A number of starter ideas for coding, user interface and documentation have been outlined via the mailing list at [http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-March/000682.html 17th March 2014].

if you want to work on ANYTHING, please let jtmelton[@]gmail.com know.

== Code Roadmap ==

=== Q4 2015 (2.0) ===
* <strike>Jan - v 2.0.0 final release </strike> -> DONE

=== Q4 2014 (2.0) ===
* <strike>Oct - v 2.0.0 release candidate</strike> -> DONE
* <strike>Jan 2015 (delay due to bug) - v 2.0.0 final </strike> -> DONE
* <strike>Additional unit tests</strike> -> DONE
* <strike>Move appsensor.org site over from static html to python</strike> -> NOT NECESSARY
* <strike>Finish up user documentation at appsensor.org</strike> -> DONE

=== June 2015 (2.1) ===
* <strike>Add at least 1 attack emitter for DEVOPS visualization (JMX -> SNMP, syslog, SNMP, .. something)</strike> ([https://github.com/jtmelton/appsensor/issues/19 github issue]) -> DONE
* <strike>Sample application / demo</strike> ([https://github.com/jtmelton/appsensor/issues/9 github issue]) -> DONE
* <strike>Finish up developer documentation on github and appsensor.org</strike> ([https://github.com/jtmelton/appsensor/issues/12 github issue]) -> DONE
* <strike>Preparation for GSOC 2015 submission</strike> -> DONE - see [[GSoC2015_Ideas]] - Update - OWASP not selected

=== September 2015 (2.2) ===
* <strike>First version of administration UI for appsensor (monitoring UI) (github issues [https://github.com/jtmelton/appsensor/issues/10 here] and [https://github.com/jtmelton/appsensor/issues/11 here])</strike> -> DONE

=== January 2016 (2.3) ===
* <strike>Get CI server (cloudbees?) setup ([https://github.com/jtmelton/appsensor/issues/15 github issue])</strike> -> DONE
* Video demo of setting up appsensor (screen capture) (related to sample apps)
* New detection point implementations ([https://github.com/jtmelton/appsensor/issues/8 github issue])
* AOP examples of detection point implementations

=== May 2016 (2.4) ===
* Trend monitoring implementation ([https://github.com/jtmelton/appsensor/issues/6 github issue])
* Additional integrations for reporting (graphite, ganglia -> see list supported by codahale metrics)

== Past activities ==

'''September 2015''' Final release v2.2.0 code

'''June 2015''' Final release v2.1.0 code

'''April 2015''' CISO Briefing booklet published

'''February 2015''' Introduction for Developers flyer published

'''January 2015''' Final release v2.0.0 code

'''May 2014''' Finalisation and publication of the AppSensor Guide v2.0

'''November, 2013''' - AppSensor 2.0 hackathon, and document writing & review at AppSecUSA 2013, New York

'''2012-2013''' - Active Development of next AppSensor book

'''September, 2011''' - AppSensor Summit at AppSec USA 2011, Minneapolis

'''September, 2010''' - Presented at AppSecUSA [http://www.slideshare.net/michael_coates/real-time-application-defenses-the-reality-of-appsensor-esapi-5181743 slides]

'''June, 2010''' - Active ESAPI Integration Underway

'''November, 2009''' [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf OWASP DC, November 2009]

'''2009''' v1.2 in the works, demo application in development

'''May, 2009''' - AppSec EU Poland - Presentation ([http://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx PPT]) ([http://blip.tv/file/2198771 Video])

'''January, 2009''' - v1.1 Released - Beta Status

'''November, 2008''' - AppSensor Talk at OWASP Portugal

'''November, 2008''' - v1.0 Released - Beta Status

'''April 16, 2008''' - Project Begins

= Detection Points =

Below are the primary detection points defined within AppSensor. These are just the titles; the document contains descriptions, examples and considerations for implementing these detection points.

'''[http://www.owasp.org/index.php/AppSensor_DetectionPoints Detailed Detection Point Information Here] '''

'''[http://www.owasp.org/index.php/AppSensor_ResponseActions Response Action Information Here]'''

'''Summary of Information'''
'''Detection Categories:'''

RE - Request

AE - Authentication

SE - Session

ACE - Access Control

IE - Input

EE - Encoding

CIE - Command Injection

FIO - File IO

HT - Honey Trap

UT - User Trend

STE - System Trend

RP - Reputation

'''Signature Based Event Titles'''

ID Event

RE1 Unexpected HTTP Command

RE2 Attempt to Invoke Unsupported HTTP Method

RE3 GET When Expecting POST

RE4 POST When Expecting GET

RE5 Additional/Duplicated Data in Request

RE6 Data Missing from Request

RE7 Unexpected Quantity of Characters in Parameter

RE8 Unexpected Type of Characters in Parameter

AE1 Use Of Multiple Usernames

AE2 Multiple Failed Passwords

AE3 High Rate of Login Attempts

AE4 Unexpected Quantity of Characters in Username

AE5 Unexpected Quantity of Characters in Password

AE6 Unexpected Type of Character in Username

AE7 Unexpected Type of Character in Password

AE8 Providing Only the Username

AE9 Providing Only the Password

AE10 Adding POST Variable

AE11 Missing POST Variable

AE12 Utilization of Common Usernames

SE1 Modifying Existing Cookie

SE2 Adding New Cookie

SE3 Deleting Existing Cookie

SE4 Substituting Another User's Valid Session ID or Cookie

SE5 Source IP Address Changes During Session

SE6 Change Of User Agent Mid Session

ACE1 Modifying URL Argument Within a GET for Direct Object Access Attempt

ACE2 Modifying Parameter Within a POST for Direct Object Access Attempt

ACE3 Force Browsing Attempt

ACE4 Evading Presentation Access Control Through Custom POST

IE1 Cross Site Scripting Attempt

IE2 Violation of Implemented White Lists

IE3 Violation Of Implemented Black Lists

IE4 Violation of Input Data Integrity

IE5 Violation of Stored Business Data Integrity

IE6 Violation of Security Log Integrity

EE1 Double Encoded Character

EE2 Unexpected Encoding Used

CIE1 Blacklist Inspection for Common SQL Injection Values

CIE2 Detect Abnormal Quantity of Returned Records

CIE3 Null Byte Character in File Request

CIE4 Carriage Return or Line Feed Character In File Request

FIO1 Detect Large Individual File

FIO2 Detect Large Number of File Uploads

HT1 Alteration to Honey Trap Data

HT2 Honey Trap Resource Requested

HT3 Honey Trap Data Used

'''Behavior Based Event Titles'''<br>

UT1 Irregular Use of Application

UT2 Speed of Application Use

UT3 Frequency of Site Use

UT4 Frequency of Feature Use

STE1 High Number of Logouts Across The Site

STE2 High Number of Logins Across The Site

STE3 Significant Change in Usage of Same Transaction Across The Site

RP1 Suspicious or Disallowed User IP Address

RP2 Suspicious External User Behavior

RP3 Suspicious Client-Side Behavior

RP4 Change to Environment Threat Level

= Media =

== Introductory Briefings ==

{|
| align="center" valign="top" | Developers
|
| align="center" valign="top" | Architects
|
| align="center" valign="top" | CISOs
|-
| align="left" width="200" valign="top" | [[File:Appsensor-developer-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor_intro_for_developers.pdf]]
| width="20" |
| align="left" width="200" valign="top" | [[File:Appsensor_crosstalk_small.jpg|link=http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-Watson.pdf]]
| width="20" |
| align="center" width="200" valign="top" | [[File:Appsensor-cisobriefing-small.jpg|link=https://www.owasp.org/index.php/File:Appsensor-ciso-briefing.pdf]]
|}

The CISO briefing is also available to [http://www.lulu.com/shop/owasp-foundation/appsensor-ciso-briefing/paperback/product-22121723.html buy at cost in print].

== AppSensor Website ==

[[File:Appsensor-website-large.jpg|link=http://appsensor.org/]]

http://appsensor.org/

== Code ==

*v2 [https://github.com/jtmelton/appsensor Github Code]
* (LEGACY) v1 [http://code.google.com/p/appsensor/ Google Code]

== AppSensor Guide ==

* OWASP AppSensor Guide
** v2.0 EN
*** [https://www.owasp.org/index.php/File:Owasp-appsensor-guide-v2.pdf PDF]
*** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc DOC]
*** [http://www.lulu.com/shop/owasp-foundation/appsensor-guide/paperback/product-21608107.html Print on demand at cost hard copy]
** v1.1 EN
*** [https://www.owasp.org/images/2/2f/OWASP_AppSensor_Beta_1.1.pdf PDF]
*** [https://www.owasp.org/images/b/b0/OWASP_AppSensor_Beta_1.1.doc DOC]

== Presentations ==

[http://www.brighttalk.com/webcast/20680 Automated Application Defenses to Thwart Advanced Attackers (Slides & Audio)]

July, 2010 - OWASP London (UK) - [http://www.owasp.org/index.php/File:Owasp-london-20100715-appsensor-3.pdf Real Time Application Attack Detection and Response with OWASP AppSensor]

June, 2010 - OWASP Leeds/North (UK) - OWASP AppSensor - The Self-Aware Web Application

June, 2010 - Video presentation - [http://michael-coates.blogspot.com/2010/06/online-presentation-thursday-automated.html Automated Application Defenses to Thwart Advanced Attackers]

November, 2009 - AppSec DC - [http://www.owasp.org/images/0/06/Defend_Yourself-Integrating_Real_Time_Defenses_into_Online_Applications-Michael_Coates.pdf Defend Yourself: Integrating Real Time Defenses into Online Applications]

May, 2009 - [http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3 OWASP Podcast #51]

May, 2009 - AppSec EU Poland - [https://www.owasp.org/images/b/b7/AppsecEU09_MichaelCoates.pptx Real Time Defenses against Application Worms and Malicious Attackers]

November, 2008 - [https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt OWASP Summit Portugal 2008 PPT]

==Video Demos of AppSensor==

[http://www.youtube.com/watch?v=8ItfuwvLxRk Detecting Multiple Attacks & Logging Out Attacker]

[http://www.youtube.com/watch?v=CekUMk_VRV8 Detecting XSS Probes]

[http://www.youtube.com/watch?v=LfD4y67qdWE Detecting URL Tampering]

[http://www.youtube.com/watch?v=1D6nTlmYjhY Detecting Verb Tampering]

==Source Documents / Artwork==

* Guide
** [https://www.owasp.org/index.php/File:Owasp-appensor-guide-v2.doc Word (content only)], DOC 11Mb
** [https://4ed64fe7f7e3f627b8d0-bc104063a9fe564c2d8a75b1e218477a.ssl.cf2.rackcdn.com/appsensor-guide-2v0-owasp.zip Word, images, Lulu covers, diagrams], ZIP 96Mb
* Introduction for Developers
** [https://www.owasp.org/index.php/File:Appsensor-intro-for-developers-a4.zip A4 Illustrator and PDF exports], ZIP 19Mb
** [https://www.owasp.org/index.php/File:Appsensor-intro-for-developers-usletter.zip US letter Illustrator and PDF exports], ZIP 19Mb
* Poster
** [https://www.owasp.org/index.php/File:Owasp-appsensor-poster-a1.zip A1 Illustrator and PDF export] ZIP, 18Mb

= Project About =
{{:Projects/OWASP_AppSensor_Project | Project About}}

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project|AppSensor Project]]
[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]
[[Category:OWASP_Download]]
[[Category:SAMM-EH-3]]
[[Category:SAMM-SA-2]]
[[Category:SAMM-VM-3]]

February 8, 2017

2017-02-08T23:19:07Z

MichaelCoates: Added bullets

February 8, 2017, 15:00-16:30 PST

Meeting Location:

'''VIRTUAL'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

Notice of Recording
Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.

https://www3.gotomeeting.com/join/861328838

=== AGENDA ===
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

=== CALL TO ORDER ===
*Quorum is needed of (4) elected board members to begin. Ideally votes on motions as example will be conducted of ALL board members for the record in the event of a tie the chair's vote decides)

=== CHANGES TO THE AGENDA ===
*At the start of the meeting the entire agenda will be reviewed. Anything not on the agenda will not be heard and will have to wait until the next scheduled meeting. Submissions should be available (5) working days before the meeting and a alert should be posted to the [https://lists.owasp.org/listinfo/owasp-board owasp-board mailing list] for public record

=== APPROVAL OF MINUTES ===
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]

=== REPORTS ===
OWASP Foundation daily operations is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html monthly roll-up report] in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] This month's operational report was published on the OWASP blog as the [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html OWASP Operations Update for February 2017]

<$Committees> should provide a written/verbal report of progress since the last meeting

=== OLD / UNFINISHED BUSINESS ===

<$insert anything that did not get resolved and that is being tracked, updated or to be discussed and by who>

* Officer acknowledgements - Brennan

* [https://www.owasp.org/index.php/About_OWASP#Form_990_Documents 990 Filings] 2014 & 2015 - Brennan

* [Josh] PROPOSAL: An OWASP Foundation Board member is elected to a two-year term. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. Current Board members would be allowed to complete their current term. This would encourage new ideas and renewed energy on the OWASP Board of Directors and keep elections from being a popularity contest where incumbents may be difficult to displace.

Current OWASP Foundation Bylaws:

https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf

Section 2.02 currently reads:

:: Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. An individual is limited to 4 consecutive 2 year terms effective January 1, 2014. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

MOTION: Revise Section 2.02 to read:

:: Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

This new rule would take effect with the 2017 election and the directors elected for the 2018/2019 term.

* [Josh] Scheduled Board Meeting Discussion: I would like to request that the meeting scheduled for Wednesday, April 12th be moved to either Tuesday, April 11th or Thursday, April 13th at the same time. I will be coaching a soccer game at the currently scheduled date and time. Also, the timezone for June 7 is listed as CEST. Is that intentional? I ask because every other timezone is listed in PST or PDT. I shouldn't have an issue if it is, but I at least wanted to verify that is the case. Lastly, the September 19th meeting says "in Orlando at AppSecEU", but the October 11th meeting also says "at AppSecUSA" and is in EST. Which is it? Are the times still correct for both? https://www.owasp.org/index.php/Board#The_OWASP_Foundation_Inc..2C_Global_Board_of_Directors

MOTION:
* Vote for having a Team as ED conformed by Kate, Matt Tesauro and Tom Papas
* Vote to hire VM services to help prepare the Board meetings better
* Vote/Approve Budget Items for 2017
* Vote/Approve [https://docs.google.com/document/d/1zRae5MufvbaIyOd0YL-lOkenzz_3ACZl1zBL11yUxo8/edit new membership model]
* Vote on strategic goals for 2017

====Strategic Goals 2017====
* Goal Appsec Training: [https://docs.google.com/document/d/1cT3trTdmYNcz7sH4ENHcR9ujE51qRHx-dDrELIpSnKU/edit?ts=589a2d9b Appsec Training 2017]

=== NEW BUSINESS ===

<$insert anything that is NEW business to be heard by the elected officials> Please add your item to the list by editing this wiki page and adding the subject line or link to the item to be discussed

* [Michael] Proposal for OWASP 2017 Objective - AppSec Trainings - [https://docs.google.com/document/d/1cT3trTdmYNcz7sH4ENHcR9ujE51qRHx-dDrELIpSnKU/edit# Proposal Link]
* [Konda] Proposed Updated 2017 Meeting Schedule - [https://docs.google.com/spreadsheets/d/1kol0PTc0P2hu6xkmkG7umPnNjLGw06Wou56Ee_575rg/edit#gid=0 Proposed Schedule]

=== COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS ===
This is for open discussion that does NOT require a vote however is educational and informative from anyone who has something to add for the good of the Foundation.

=== ADJOURNMENT ===
We will determine the next date/time of the offical meeting if different from the posted agenda. Any changes to the offical date/time/location will also be posted to the [https://lists.owasp.org/listinfo/owasp-board OWASP-BOARD LIST]

[https://www.owasp.org/index.php/Board NEXT MEETING]

##

February 8, 2017

2017-02-07T20:36:33Z

MichaelCoates: indents for readability

February 8, 2017, 15:00-16:30 PST

Meeting Location:

'''VIRTUAL'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== AGENDA ===
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

=== CALL TO ORDER ===
*Quorum is needed of (4) elected board members to begin. Ideally votes on motions as example will be conducted of ALL board members for the record in the event of a tie the chair's vote decides)

=== CHANGES TO THE AGENDA ===
*At the start of the meeting the entire agenda will be reviewed. Anything not on the agenda will not be heard and will have to wait until the next scheduled meeting. Submissions should be available (5) working days before the meeting and a alert should be posted to the [https://lists.owasp.org/listinfo/owasp-board owasp-board mailing list] for public record

=== APPROVAL OF MINUTES ===
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]

=== REPORTS ===
OWASP Foundation daily operations is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html monthly roll-up report] in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] This month's operational report was published on the OWASP blog as the [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html OWASP Operations Update for February 2017]

<$Committees> should provide a written/verbal report of progress since the last meeting

=== OLD / UNFINISHED BUSINESS ===

<$insert anything that did not get resolved and that is being tracked, updated or to be discussed and by who>

- Officer acknowledgements - Brennan

- [https://www.owasp.org/index.php/About_OWASP#Form_990_Documents 990 Filings] 2014 & 2015 - Brennan

- [Josh] PROPOSAL: An OWASP Foundation Board member is elected to a two-year term. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. Current Board members would be allowed to complete their current term. This would encourage new ideas and renewed energy on the OWASP Board of Directors and keep elections from being a popularity contest where incumbents may be difficult to displace.

Current OWASP Foundation Bylaws:

https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf

Section 2.02 currently reads:

:: Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. An individual is limited to 4 consecutive 2 year terms effective January 1, 2014. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

MOTION: Revise Section 2.02 to read:

:: Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

This new rule would take effect with the 2017 election and the directors elected for the 2018/2019 term.

- [Josh] Scheduled Board Meeting Discussion: I would like to request that the meeting scheduled for Wednesday, April 12th be moved to either Tuesday, April 11th or Thursday, April 13th at the same time. I will be coaching a soccer game at the currently scheduled date and time. Also, the timezone for June 7 is listed as CEST. Is that intentional? I ask because every other timezone is listed in PST or PDT. I shouldn't have an issue if it is, but I at least wanted to verify that is the case. Lastly, the September 19th meeting says "in Orlando at AppSecEU", but the October 11th meeting also says "at AppSecUSA" and is in EST. Which is it? Are the times still correct for both? https://www.owasp.org/index.php/Board#The_OWASP_Foundation_Inc..2C_Global_Board_of_Directors

=== NEW BUSINESS ===

<$insert anything that is NEW business to be heard by the elected officials> Please add your item to the list by editing this wiki page and adding the subject line or link to the item to be discussed

* [Michael] Proposal for OWASP 2017 Objective - AppSec Trainings - [https://docs.google.com/document/d/1cT3trTdmYNcz7sH4ENHcR9ujE51qRHx-dDrELIpSnKU/edit# Proposal Link]

=== COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS ===
This is for open discussion that does NOT require a vote however is educational and informative from anyone who has something to add for the good of the Foundation.

=== ADJOURNMENT ===
We will determine the next date/time of the offical meeting if different from the posted agenda. Any changes to the offical date/time/location will also be posted to the [https://lists.owasp.org/listinfo/owasp-board OWASP-BOARD LIST]

[https://www.owasp.org/index.php/Board NEXT MEETING]

##

February 8, 2017

2017-02-07T20:34:01Z

MichaelCoates: Adding AppSec Trainings Proposal for vote

February 8, 2017, 15:00-16:30 PST

Meeting Location:

'''VIRTUAL'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== AGENDA ===
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.

=== CALL TO ORDER ===
*Quorum is needed of (4) elected board members to begin. Ideally votes on motions as example will be conducted of ALL board members for the record in the event of a tie the chair's vote decides)

=== CHANGES TO THE AGENDA ===
*At the start of the meeting the entire agenda will be reviewed. Anything not on the agenda will not be heard and will have to wait until the next scheduled meeting. Submissions should be available (5) working days before the meeting and a alert should be posted to the [https://lists.owasp.org/listinfo/owasp-board owasp-board mailing list] for public record

=== APPROVAL OF MINUTES ===
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]

=== REPORTS ===
OWASP Foundation daily operations is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html monthly roll-up report] in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] This month's operational report was published on the OWASP blog as the [https://owasp.blogspot.com/2017/02/owasp-operations-update-for-february.html OWASP Operations Update for February 2017]

<$Committees> should provide a written/verbal report of progress since the last meeting

=== OLD / UNFINISHED BUSINESS ===

<$insert anything that did not get resolved and that is being tracked, updated or to be discussed and by who>

- Officer acknowledgements - Brennan

- [https://www.owasp.org/index.php/About_OWASP#Form_990_Documents 990 Filings] 2014 & 2015 - Brennan

- [Josh] PROPOSAL: An OWASP Foundation Board member is elected to a two-year term. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. Current Board members would be allowed to complete their current term. This would encourage new ideas and renewed energy on the OWASP Board of Directors and keep elections from being a popularity contest where incumbents may be difficult to displace.

Current OWASP Foundation Bylaws:

https://www.owasp.org/images/e/e1/OWASPByLawsOfficial-25Sept2015CLEAN.pdf

Section 2.02 currently reads:

Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. An individual is limited to 4 consecutive 2 year terms effective January 1, 2014. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

MOTION: Revise Section 2.02 to read:

Each Board member will serve for a term of 2 years. The term will begin effective January 1 following the election period. A Board member may run again for re-election at any point in the future, but may serve no more than two two-year terms in any ten year period. The role of the Board Members shall be elected by the Board of Directors at the first meeting following the election of the Board of Directors. If the election of officers shall not be held at such meeting, such election shall be held as soon thereafter as conveniently may be. Each officer shall hold that role until the next election has been completed.

This new rule would take effect with the 2017 election and the directors elected for the 2018/2019 term.

- [Josh] Scheduled Board Meeting Discussion: I would like to request that the meeting scheduled for Wednesday, April 12th be moved to either Tuesday, April 11th or Thursday, April 13th at the same time. I will be coaching a soccer game at the currently scheduled date and time. Also, the timezone for June 7 is listed as CEST. Is that intentional? I ask because every other timezone is listed in PST or PDT. I shouldn't have an issue if it is, but I at least wanted to verify that is the case. Lastly, the September 19th meeting says "in Orlando at AppSecEU", but the October 11th meeting also says "at AppSecUSA" and is in EST. Which is it? Are the times still correct for both? https://www.owasp.org/index.php/Board#The_OWASP_Foundation_Inc..2C_Global_Board_of_Directors

=== NEW BUSINESS ===

<$insert anything that is NEW business to be heard by the elected officials> Please add your item to the list by editing this wiki page and adding the subject line or link to the item to be discussed

* [Michael] Proposal for OWASP 2017 Objective - AppSec Trainings - [https://docs.google.com/document/d/1cT3trTdmYNcz7sH4ENHcR9ujE51qRHx-dDrELIpSnKU/edit# Proposal Link]

=== COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS ===
This is for open discussion that does NOT require a vote however is educational and informative from anyone who has something to add for the good of the Foundation.

=== ADJOURNMENT ===
We will determine the next date/time of the offical meeting if different from the posted agenda. Any changes to the offical date/time/location will also be posted to the [https://lists.owasp.org/listinfo/owasp-board OWASP-BOARD LIST]

[https://www.owasp.org/index.php/Board NEXT MEETING]

##

Bay Area

2016-11-19T22:48:35Z

MichaelCoates: /* Mentorship Program */

= Bay Area Chapter Board =
Interested in finding out more? Will contact your with information on the first in person chapter board discussion in San Francisco

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[https://www.meetup.com/Bay-Area-OWASP/events/233591691/ September 7, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Travis McPeak
* William Bengtson
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

Bay Area

2016-11-19T22:48:17Z

MichaelCoates: /* Bay Area Chapter Leaders */

= Bay Area Chapter Board =
Interested in finding out more? Will contact your with information on the first in person chapter board discussion in San Francisco

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[https://www.meetup.com/Bay-Area-OWASP/events/233591691/ September 7, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Travis McPeak
* William Bengtson
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

November 8, 2016

2016-11-08T22:59:13Z

MichaelCoates: /* New Business */

===Time===
* Date/Time: November 8, 1800 EST [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=08&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

===Notice of Recording===

*Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
*Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.

=== Meeting Minutes===
::- [https://docs.google.com/a/owasp.org/document/d/119FJ2G2EdsVnz8vnxWv0Ee0G3uWMTSVqyxt_1CVrHiY/edit?usp=sharing September meeting minutes]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chair's Report - Matt Konda ===
* Draft of [https://docs.google.com/document/d/1ZgZotdu3TglKCiyOxyQVwS16YDJj0qmEkdYz0LT7hf4/edit Strategic Goals for 2017]
* Turned on [https://owasp.recruiterbox.com/jobs/fk062sn ED Job Description] *this needs a budget and a call for canidate campaign/recruitment*
* Draft of [https://docs.google.com/a/owasp.org/document/d/1eH-0WTRBa-x21GNsGZqOiokP0fO6oBKK8OOj3sjnhP8/edit?usp=sharing OWASP Staff Training Policy]
* Moved Co-Marketing Agreements back to Kate
* Belfast Contracts and Moved Away from Troy
* OWASP Glue Project

=== Vice Chair's Report - Josh Sokol ===
TBA

=== Treasurer Report - Andrew van der Stock ===

=== Secretary Report -Tobias Gondrom ===
Nothing to report

=== Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom ===

* Coates - Chapters
TBA

* Carter - Governance
TBA

* Brennan - Projects
Matt T., has been recruited, hired and empowered to drive the job description that was [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf written]. Good job to him and the staff for working together on key objectives. Next is the website effort, budget was allocated and removed. This is a issue and needs discussion of issue and solution. Invest in owasp and budget appropriately as one does with a 2M business.

-2017 Project Summits

- Industry moving
pubilc/private, m&a, opensource

Project Flows
- Examples [https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Labs_Projects Labs Current], [https://github.com/opendxl/opendxl-client-python/blob/master/LICENSE OpenDXL], [https://github.com/zaproxy/zaproxy/ ZAP Proxy] and [http://www.bugheist.com/ BugHeist] models of open source and other [http://events.linuxfoundation.org/sites/events/files/slides/lfcs15_hall.pdf Open Source business models]

- Local project chapters

==Staff Reports==
==Staff Reports==
** [https://docs.google.com/a/owasp.org/document/d/12Php1gJuT7lednfKxdv9QegLeVjFHW2xmnVwOsUgmU8/edit?usp=sharing Director/Operations Update] - Kate
** Financial Update - Andrew/Tom
** [https://docs.google.com/document/d/1ZY3AEF53AlYwh-6hCqO6W47_9r6ALxe2g9FYSyuAyaQ/edit?usp=sharing Event Manager Report] - Laura Grau
** [https://docs.google.com/a/owasp.org/presentation/d/1I7z1smEAtKIYV2_5lASuQJZcG51F5znfo-p9WKNxOc8/edit?usp=sharing| Project_Coordinator_Update] - Claudia Casanovas & Matt Tesauro
** [https://docs.google.com/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit?usp=sharing Community Manager Report]- Tiffany Long
** [https://www.owasp.org/index.php/October_2016_Membership_Report October 2016 Membership Report] - Kelly Santalucia

==Old Business==

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==

* [http://lists.owasp.org/pipermail/owasp-board/2016-October/017563.html Request for 150K USD seed fund for the OWASP-DevSecCon Summit in April 2017 in the UK]
* Policy on OWASP Staff Training
* Strategic Goals
* What does a future OWASP look like? Directional aspirations and impacts to type of ED [Michael]

Additional Notes to 150K Seed Fund:<br>
We are gathering a team with ample experience in organizing owasp (and other) events, including the last 2 owasp summits.<br>
By focusing on the content and outcome objectives we are creating the necessary momentum for this summit.<br>
In parallel we are putting in motion the logistics for this summit (venue, catering, sponsoring, ...)<br>
<br>
We will definitely try to make this a "budget-neutral" event, by:<br>
1) having people cover their participation themselves<br>
2) having sponsors that cover part of the costs<br>
3) tapping into the under-used chapter and project funds<br>

At this stage we want to be sure to have the support from the board & staff and have a "seed-fund" of 150K USD.<br>
I count on your (and the complete board) to support this new summit.<br>
Seba & Dinis

== Action Items==

==Announcements==

Election results:

The three open board seats shall be filled by:
Andrew van der Stock
Matt Konda
Johanna Curiel

==Adjournment==
*Next meeting date/time: [https://www.owasp.org/index.php?title=December_14,_2016 December 14 2016 1500-1630 PST] [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

==Motion to close meeting==

Agenda

==Extra points==

Bay Area

2016-09-08T00:20:12Z

MichaelCoates: /* Bay Area Chapter Board */

= Bay Area Chapter Board =
Interested in finding out more? Will contact your with information on the first in person chapter board discussion in San Francisco

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[https://www.meetup.com/Bay-Area-OWASP/events/233591691/ September 7, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

Bay Area

2016-09-07T23:52:20Z

MichaelCoates:

= Bay Area Chapter Board =
Interested in finding out more?

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[https://www.meetup.com/Bay-Area-OWASP/events/233591691/ September 7, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

Bay Area

2016-08-25T17:57:52Z

MichaelCoates: /* Our next event */

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[https://www.meetup.com/Bay-Area-OWASP/events/233591691/ September 7, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

July 1, 2016

2016-06-29T18:46:58Z

MichaelCoates: /* Reports */

===Time===
*Date/Time: July 1, 2016/6pm-9pm CEST
* [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

===Location===

[http://www.marriott.com/hotels/travel/romau-rome-marriott-park-hotel/ Rome Marriott-Park Hotel]

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
July 1, 2016 Meeting Minutes
::- TBA

May 18, 2016 Meeting Minutes:
::- https://docs.google.com/document/d/14uLi51kUGcmqIfjZJ0WEe2WZO4_-lUabdPBS4XSz7V0/edit?usp=sharing

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

* OWASP Website Project draft report - post comments on the draft
https://docs.google.com/document/d/1OWo4Er61iK2ySwoJsuCHw9ManGHjiMURuRiQUmMVSuY/edit?usp=sharing

= Meeting Agenda =
== Call to Order /OWASP Mission ==
*Administrative: List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)

== Reports ==
=== Chair's Report - Matt Konda ===
* Developer Initiatives: Chicago Coder Conference, Goto; Chicago, TechNexus Panel on Security, Chicago FTW Start with Security Panel
* Organizational
** Staff meetings
** Hiring follow through for STC
* Minimal Bill payments
* 1:1 with staff at AppSecEU

=== Vice Chair's Report - Josh Sokol ===
* I've got nothing major to report here so let's save the time for some of the bigger discussions that we need to have.

=== Treasurer Report - Andrew van der Stock ===

From January to around at least April, OWASP had operational reserves far less than the target operational reserve target of six months. This is due to a lack of revenue, unbudgeted expenses, and a split model that favors one strategic goal over all others. Luckily, the success of AppSec EU has made a recovery possible, and provides breathing room until this is resolved.

Unfortunately, the 2016 draft budget was never finished, and it was not approved. We need to approve a revised 2016 budget. There will be a budget working party held in Rome to get through this out of cycle budgeting process that will hopefully put in a reasonable budget for the rest of the year until planning can start again at the October face to face board meeting.

I have created a set of financial motions that address revenue, such as a membership fee increase, additional membership classes, a training program, and to invest $250k of our unused earmarked funds in a structured investment program. These measures will collectively increase our membership, particularly in the developing economies, and improve our bottom line by over $100k per year, with an additional $60-75k over five years from investing the earmarked funds.

We will need to work together on structural reform that addresses the profit splitting more equitably so that future operational reserves do not go below six months, and so we can invest in all of our strategic goals, and not just one. This is not optional, because there is a risk that a future AppSec conference does not do well, as happened in 2012, this could bring OWASP down. We need to address this structural reform so that we can grow to a $5m per year organisation, which has far different issues than we do today.

*Josh Comment: AppSecUSA 2012 was the highest grossing AppSec conference ever held at the time. Not sure where this comment comes from, but it is wrong.

=== Chapters - Michael Coates ===
* Working with Tiffany regarding concerns over a specific chapter election
* Waiting on Sooryen information before further chapter outreach

== Financial information ==

* June financial package
::- TBA

* 2016 Draft Budget
::- TBA

== Financial motions ==

* Motion to invest a portion of unused funds in a ladder CD arrangement
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#

* Motion to approve changes to FY17 membership rates
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

* Motion to add a developing nation membership class of $USD 20 annually
::- https://docs.google.com/a/owasp.org/document/d/14OBSW4kcsFsuEGyGg1K8UXkuoYQAzdY49gvXmkUiYyg/edit?usp=sharing

* Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
::- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing

* Motion to create an OWASP open training platform
::- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#

=== Secretary Report - ########## ===

* Need to assign this role to a current board member to fill vacancy - [http://www.nonprofitlawblog.com/duties-of-the-secretary-of-a-nonprofit-corporation/ why]

=== Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom ===

* Coates - Chapters

* Gondrom - Governance

* Brennan - Projects

==Reports==
* Executive Director/Operations Update - [https://docs.google.com/a/owasp.org/document/d/1lz4Yb2byWSbayRmpKksHhR_fHJ3eoL8aWMZMEpfnIXg/edit?usp=sharing Rollup Report]
** Financial Update - [Link| Board Summary Combined] [Link| Combined Balance Sheet]
** Director Update - Kate Hartmann - see rollup report above
** Project Coordinator Update -DRAFT[https://docs.google.com/a/owasp.org/presentation/d/1jeTYCaTRw-lqJV0q3OpYiTZCrAwf4T9fKiMjqHccm44/edit?usp=sharing| Claudia Aviles Casanovas Update]
** Membership Update - [https://www.owasp.org/index.php/May_2016_Membership_Report Membership Report] Kelly Santalucia Update]
** [Link| Conference Manager Report] - Laura Grau
** IT Update - [Link| IT Status Report as of 2016-05-17] - Matt Tesauro

=== Community Initiative Reports ===

==Old Business==

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Motion to create Regional Advisory Councils - Please read final draft. Vote held over from January 2016
::- https://docs.google.com/document/d/16y0acWfeZ_skcO27D-conivvlbSqPbAC1xTY5UfJi_4/edit

==New Business==

* Status of filed Trademarks with the USPO and discussion about brand usage and resources
::- https://www.owasp.org/index.php/Marketing/Resources

* Co-Marketing Agreements with other conferences
::- https://www.owasp.org/index.php/Owasp_Conference_Management_System
::- https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference

== Action Items==

* Approve a 2016 Budget
::- Draft budget forthcoming (AJV)

* Motion to appoint a replacement secretary for the remainder of 2016
::- https://docs.google.com/a/owasp.org/document/d/1ir9P0kz7HQuJqOEpgL4r2yKwLQCR47gLswvliaqzyak/edit?usp=sharing

* Motion to appoint a casual vacancy on the OWASP Global Board for the remainder of 2016
::- https://docs.google.com/a/owasp.org/document/d/1ukMZJ9MdCITjT1t_IWC4pxKZKcqATOu-yFpZ1ruddrc/edit?usp=sharing

* Motion to invest a portion of unused funds in a ladder CD arrangement
::- https://docs.google.com/document/d/1cZOMYzaRnWW_oQd4ON7kBNQcmlx3V4u33Szm8jH2cgU/edit#

* Motion to approve changes to FY17 membership rates
::- https://docs.google.com/a/owasp.org/document/d/1RBy7yRl-qVo49lDL1JeKmhwLElcazrJ7tY4OO5Wwb6U/edit?usp=sharing

* Motion to add a developing nation membership class of $USD 20 annually
::- https://docs.google.com/a/owasp.org/document/d/14OBSW4kcsFsuEGyGg1K8UXkuoYQAzdY49gvXmkUiYyg/edit?usp=sharing

* Motion to establish a pay anything membership class, eliminate honorary membership and establish an annual Paul Ritchie Memorial Award
::- https://docs.google.com/a/owasp.org/document/d/1GTcff47NFDgFCnnFTvaEehdecc-TU2PWjAqc9x470Vw/edit?usp=sharing

* Motion to create an OWASP open training platform
::- https://docs.google.com/document/d/1dZ-6eJyNj5iiTTo9AS5NC77PYwOF0D9aTHz8dmcJGJ0/edit#

==Announcements==

==Adjournment==
*Next meeting date/time: [https://www.owasp.org/index.php?title=July_27,_2016 July 27th]

==Motion to close meeting==

Bay Area

2016-06-10T05:28:24Z

MichaelCoates: /* Our next event */

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[http://www.meetup.com/Bay-Area-OWASP/events/231790630/ June 28, 2016 - Foster City]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

May 18, 2016

2016-05-17T21:54:46Z

MichaelCoates: /* Updated from Members at Large - Tom Brennan, Michael Coates, and Tobias Gondrom */

Bay Area

2016-05-16T00:20:49Z

MichaelCoates: /* Our next event */

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
[http://www.meetup.com/Bay-Area-OWASP/events/230159088/ May 18, 2016 - San Francisco]

Check out our meetup page for upcoming events:
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:OWASP Chapter]]
[[Category:United_States]]
[[Category:California]]

February 17, 2016

2016-02-17T22:36:46Z

MichaelCoates: /* Updates from Members at Large */

==Dial In Info==
===Notice of Recording===
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.
* [https://www.dropbox.com/s/9v88xcox5rb6pkc/2016-01-13%2016.09%20OWASP%20Board%20Meeting.wmv?dl=0 Recording of 13 January 2016 OWASP Board Meeting]

===Time===
* February 17, 2016, 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

===Location===

'''Teleconference Information:'''

https://www3.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

=== Attendance Tracker===
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''

=== Meeting Minutes===
* [https://docs.google.com/a/owasp.org/document/d/1J9BZ2DIgItMpajbAaPGzA1HcbkVQ5SKzfLUFDa06H4s/edit?usp=sharing Feb.17 Minutes template]
* [https://docs.google.com/document/d/1NgJB0B98pP2-THUMks0fNf_yZmGsDKs_uCJMsAYuZ-Y/edit Jan.2016 Meeting Minutes for Approval]

= Reading Material =
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''

1. [https://docs.google.com/document/d/1PvNeEWgoO1w51VhHLwqqSgo0mBh-RvmSFUKMTz4QrYg/edit?pref=2&pli=1#heading=h.lw77ixr6kxi Proposal from Johanna on OWASP-Project-Review Updates & Incentives]
* Should Project Task Force be 'relaunched' as Project-Review-Committee with same Committee 2.0 procedures and authority?
* Some questions in the proposal may be resolved at Committee level, without needing board motion & approval. (P.Ritchie interpretation)
* [https://docs.google.com/document/d/1QPaSEgNOkfOkk8L4X-PDT2WA9ya1E6braN5-JfgEzMQ/edit?usp=sharing Summary of Questions & response from Johanna dated Feb.10, 2016]

2. >> READ Staff Status reports below, including Detail Financial Report for 2015 through December 2015 in Excel format. P&L, A/R, A/P, Balance Sheet with cash balances for Foundation & Chapters & Projects

3.[https://www.owasp.org/index.php/Help_Secure_Owasp_assests Help Secure OWASP assets initiative, contributions from volunteers ]
* Which companies or individuals can contribute to help manage Wiki & mailing list with maintenance and patching?
* Status of Bug Bounty management services for projects and other OWAPS assists as the WIKI - through Barter Deals with service providers

= Meeting Agenda =
== Call to Order /OWASP Mission ==
Open Meeting - Start Recording, List attendees and Agenda update (only if last-minute changes are needed) (5 min)
* Approve minutes from January 13, 2016.

== Actionable Agenda Topics ==

* TO DO
* Review, discuss, act on Johanna proposal. See reading material above.

== Discussion Topics ==
* OWASP Infrastructure Transformation. AJV.

* Help Secure OWASP assets
https://www.owasp.org/index.php/Help_Secure_Owasp_assests

== Misc. Topics (10-15 Minutes) ==
* Temperature on Training + Leader Summit
* Second 5K sponsor package as outlined here: https://docs.google.com/document/d/1NG8C27_RuNmwfTnrUE_-gB5IyHlmTYo1lv-CTXo25p8/edit

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

* Matt K: Action / Update on search for OWASP Compliance officer

* Paul R: Action - Need clarification. Under financial proposal #3 & 4. Do 'Projects' require 2 leaders, or just 1 leader and 1 other active participant? Various emails recommend the latter. Staff recommends 1 leader plus 1 active participant for definition of active project.
** See Oct. 14, 2015 Votes here. https://www.owasp.org/index.php/OWASP_Board_Votes

** Chapters are being managed with a 2 leader requirement.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* TO DO
* See Johanna new Project Review proposal above.

== Action Item Follow-Up ==
* [https://docs.google.com/spreadsheets/d/1LtYN2QSCUBSM53_M0HGAISqiGiXbxO9k8LXv2ZoIVgQ/edit?usp=sharing 2016 Action Item Status from Past BoD Meetings]
** This is new excel sheet showing AI as either OPEN or Closed with status for monthly Board reporting

== Reports ==
=== Chairmain's Report - Matt Konda ===
* Identified compliance team. (Fiona, Bil, Richard)
* ED annual review underway. (Feedback solicited, reviewing materials)
* Handoff from Tobias.
* Financials call with Andrew and Virtual
* Talked to 6 potential sponsors.
* Participated in Project call.
* Wrote sponsor letter for AppSecEU
* Discussion with Kate about Training + Leader Summit and software sponsor tier.
* Weekly one on one call.
Detail here: https://trello.com/b/YWY4pf8I/global-board

=== Vice Chairmain's Report - Josh Sokol ===
*TODO
=== Treasurer Report - Andrew van der Stock ===

I have had a kick off meeting with Paul, Alison, Matt, and Tom Pappas (our CFO) from Virtual to discuss a financial handover.

This meeting went well, and filled in a number of gaps for me. The main action items from my point of view are:

* Establishing an OWASP archive for our financial and other corporate records that is accessible by Alison so we don't lose the lot if something happened to Alison's residence or computer. This applies primarily to our old records, which we need to keep for 7 years, but aren't necessarily used daily.
* Ensuring that our FY15 year is closed out and our annual report is ready on time. This seems to be in hand, but I will keep on eye on things.
* Paul is considering moving our accounts to a better financial institution as our current one requires us to use yet another payment service. This should improve our visibility of bills and make reconciliation easier. I support this move, as it should improve our transparency and reduce costs.
* Once we have final reconciliation and the FY15 books are closed, I will ask my wife (a CPA) to look over the records to ensure things are okay.

Additionally, I asked about a line of credit that I heard was being established. Apparently there is something happening here. My main concern is that it shows up on the books so we can make sure we don't get into trouble by using it for operational expenditure unnecessarily. I understand the need for it, but we could easily get into trouble if we are paying bills on credit without a supporting income.

=== Secretary Report - Jim Manico ===
*TODO
=== Updates from Members at Large ===
* Michael Coates (Chapters)
** Focus areas for investment into chapters this year include:
*** Chapter Leader Call by region (work with staff)
*** Chapter speaker rating system
*** Centralized chapter speaker recommendation system

==Reports==
* Executive Director Status Report for 17 Feb 2016 [https://docs.google.com/document/d/131tVN6DamrOat1Io4ez3Nn4nVc_1iekeiEoUGhhTpf4/edit?usp=sharing Exec.Director Status Report - 17Feb2016]
** [https://docs.google.com/spreadsheets/d/1OdiijD2toRgkhIKupbrFMqAEZSBH_NrTxHxkKe7XDzM/edit?usp=sharing Detail 2015 Financial Report through Dec. 2015 in Excel Format] Note: These are PRELIMINARY numbers and will be final once the 2015 Books are officially 'closed' by Accounting firm approx. Mar 1, 2016
* Membership & Business Liaison Report - Kelly Santalucia [https://www.owasp.org/index.php/January_2016_Membership_Report January Membership Report] [https://docs.google.com/a/owasp.org/document/d/1GTC7FT1VYGird1gnKXwbziyOAUYDqNkm9HwPHPnXFc4/edit?usp=sharing Strategic Goal #2 Report and CodeMash 2016 update]
* Event Manager Report - Laura Grau [https://www.owasp.org/images/5/5b/February2016ConferenceManagerReport.pdf February Report]
* Operations Report - Kate Hartmann [https://docs.google.com/a/owasp.org/document/d/1gM66GBHD1y_Q3s9x_mz6hGASRhVM8nXQIwnE1TUYYyU/edit?usp=sharing report]
* Project Coordinator Report - Claudia Casanovas [https://docs.google.com/a/owasp.org/presentation/d/1bPsEydCrPZ_Xwm639h2GTjC1V7YCPawCoT-cjVnDEAs/edit?usp=sharing Report]
* Community Manager Report -Noreen Whysel [https://docs.google.com/a/owasp.org/document/d/1-4fIJfiLa8l02Hf1XBMqRYEiY2z6g4qwln-_ZLQ6GIs/edit?usp=docslist_api Report]
* IT Update from Matt T.
** MediaWiki has been updated 3 times since AppSec USA 2015 (Sept. 2015)
** Upgrade to Mailman 3.0 & server delayed due to Website demands from CalifAppSec Team 'emergency', AppSec USA & AppSec EU website builds.
** Some dead and inactive email lists cleaned out. Generally low priority re: other demands.
** 10 hours /month is completely too little for demands from Community, especially for breakage & repair after Matt sets items up for community use. (Matt has details & examples)
** Net, net Paul now working with staff and Matt T to define how to add resource with 'Matt level access' to cover more common community support needs, vs. Infrastructure/domain/server admin to remain with Matt T.

=== Community Initiative Reports ===
* TODO

==Announcements==
* TODO

==Adjournment==
* Willing to shift to March 15?
* Next meeting date/time: [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

==Motion to close meeting==

Board

2016-01-07T20:40:34Z

MichaelCoates: /* Upcoming 2016 Meetings */ fixed ugly links

__NOTOC__

= About the OWASP Board =

== Current OWASP Global Board 2016 ==

* [[User:Tgondrom|Tobias Gondrom]] Hong Kong - tobias.gondrom(at)owasp.org
* [[User:Jsokol|Josh Sokol]] Texas, USA - josh.sokol(at)owasp.org
* [[User:brennan|Tom Brennan]] New Jersey - tomb(at)owasp.org
* [[Matt Konda]] Chicago, USA - matt.konda(at)owasp.org
* [[User:MichaelCoates|Michael Coates]] - California, USA - michael.coates(at)owasp.org
* [[Andrew van der Stock]] Australia - vanderaj(at)owasp.org
* [[User:Jmanico|Jim Manico]] Hawaii - jim(at)owasp.org

== OWASP Board Elections ==
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

= Agenda for 2016 Meetings =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]
* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

== Upcoming 2016 Meetings ==

* [[January 13, 2016]], 16:00-17:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[February 17, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[April 20, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[May 18, 2016]], 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[July 1, 2016]], 18:00-21:00 CEST, in Rome at AppSecEU - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[July 27, 2016]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[August 24, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=24&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[September 21, 2016]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[October 14, 2016]], at AppSecUSA 18:00 - 21:00 EDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=14&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[November 9, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[November 30, 2016]], 15:00-16:30 PST - placeholder only optional if needed - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]
* [[December 14, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter ]

= Board Communication =

[https://www.owasp.org/index.php/OWASP_Foundation_ByLaws ByLaws]<br/>
[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy Conflict of Interest Policy and Signed Conflict Statements]<br/>
[https://docs.google.com/a/owasp.org/folder/d/0BxI4iTO_QojvNW9jaXFyWGZwR28/edit Weekly Board/Staff Communication Documents]<br/>
[https://www.google.com/calendar/embed?src=owasp.org_d1dcflbc5oul9nji1ftc3pjji8@group.calendar.google.com&ctz=Pacific/Honolulu OWASP Board Calendar]

== Best practices ==

Note: these best practices are merely a collection of procedures deemed good process for a board. '''They are not binding''' and have not been voted on or ratified by the board to this date. Online: [http://www.rulesonline.com/rror--00.htm http://www.rulesonline.com/rror--00.htm]

=== Best Practices for Board conduct:===
We consider it best practices for our board to follow in spirit the "Robert's Rules of Order".
* That means that board votes require a motion brought forth by one board member and to be seconded by an other board member.
** A motion should be specific, unique, and concise. It should include all the relevant details, be unambiguous, and leave as little room for interpretation as possible.
* After the motion has been seconded the board may discuss the issue and / or vote on it.

A board member makes a motion and the board waits for your motion to be seconded. With few exceptions, all motions need to be seconded by another member of the Board. This is to ensure that the Board does spend its time effectively and not evaluating a proposal which only one member favors.
* In a formal setting, they will say something along the lines of "I second the motion," or even just "I second."
* In certain cases, such as when a general consensus is apparent, the presiding officer can choose to skip this step and move on to the next one.

= Archive and Voting History =

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

=== Past OWASP Boards ===
[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr>

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr>

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] <span style="color:blue">Postponed until March 9, 2010</span>

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Focus Ideas =

== First suggested priority of Board from Paul ==
* What are the top 5 "Initiatives" we want or believe the OWASP Community should be focusing on in 2016-2017? (Areas that should receive our time effort & money.)
* Intent here is to stimulate a Board level & Community discussion about strategic goals, and then actionable objectives that.....a) align with mission of OWASP, and b) stimulate enough interest at Community level to cause volunteers to engage & participate, and c) produce output of value and benefit to owasp community on a Global basis.

== Projects Ideas==

* Project Review & Project Platform - good progress, keep it going. We need "more" volunteer engagement to provide more diverse review.
* New Project Ideas. Where is industry going, where will it be in 5 years? OWASP should suggest projects that we need and find team to build them!
* Project Summit support & funding
* International Chapter / Region support & funding for projects
* Hire full or part time technical writer to help with project (from Simon, flagship project lead)
* a platform for funding pull requests / contributions to projects - this could be a way to financially reward folks for contributing. I know ZAP recently experimented with this - not sure how it went, but we have money - might be a good way to spend it (maybe leveraging something like the bithub idea https://whispersystems.org/blog/bithub/). I would want the ability to personally remove myself from the ability of receiving payment. (from John Melton, flagship project lead)
* help with applying for grants - including letting us know of available grants and helping us do the paperwork if necessary
* make inter-project recommendations - since you sit at a level where you see various projects, maybe make recommendations for areas where multiple projects could collaborate for added value (from John Melton, flagship project lead)
* project of the month - this may already happen, but if not, maybe the newsletter could feature a project every month, including information like a project overview, an audio interview with the project leader(s), a list of priority tasks for people to help with, etc. (from John Melton, flagship project lead)
* get access to available free tools - I've actually seen several tools that are available for use within OWASP, though I hear about them haphazardly. It would be good if there were a single resource for leads to know what was available. Thinking of things like: free licenses of paid software (intellij, webex) or access to products/services (surveymonkey, AWS, GCE or Azure credits) that could be useful to the project (from John Melton, flagship project lead)
* conducting surveys - We do surveys periodically, and I fill them out. Joanna has used them to good effect. We might be able to make that more regular and get good data on our projects.
* "help wanted" site - We use github issues on our project. However, one thing I hear repeatedly is project leaders saying they need help, and owasp members asking how to help. It seems like we could put up a "jobs" board of some kind to connect folks within the community for things like this. We could probably connect this to $ in some way if we wanted to. I imagine there's a tool out there that already does this too. (from John Melton, flagship project lead)
* continue and expand "summer of code" programs - I believe these programs add lots of value. Not only do they get practical things done on the projects, but they give us good visibility, get people involved in the projects (many continue to contribute), give us good press in the community, and invigorate the mentors as well. (from John Melton, flagship project lead)

== Training ==
* Training is OK now....but what do we want to do here? Business as usual?
* Update current project level training docs, or
* Begin some form of Curriculum for Academic use?

== Advocacy==
* Liaison with other Orgs
** ID those Developer groups and go to their conferences & meetings
** ...just a few, but caution is to approach 1-2 at a time and get an outcome
* Regulatory policy (lobbying). OK, if its is a hot topic to some....then BoD should encourage it and help first set of people get that WG started and provide small set of guidelines on Advocacy vs. Lobbying.
* Crank out true press releases or blogs say on quarterly basis when we have couple public releases.
* Consider WG and provide small set of guidelines on Advocacy vs. Lobbying.

== Community Portals ==
* Should be our goto destination for owasp community to access for current & relevant info on OWASP activities.
* Focused WG to take action on Wiki Cleanup & ease of use.
* Consider funding larger wiki cleanup and migration effort (Jim)

== Marketing ==
* General PR & Marketing the OWASP Story - Promote ourselves more!
* Crank up a Recruiting program - Both Corporate & Individual.

<headertabs/>

Bay Area

2015-11-20T22:27:25Z

MichaelCoates: /* Mentorship Program */

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
Bay Area Mentorship Program - Meeting #1

San Francisco

December 1

[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

== Mentorship Program ==
* OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.
* First meeting will be held on December 1
** Complete the following form [https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.
** Then [http://www.meetup.com/Bay-Area-OWASP/ RSVP for the meetup]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:California]]
[[Category:OWASP Chapter]]

Bay Area

2015-11-20T17:55:17Z

MichaelCoates:

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup!

Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

== Our next event ==
Bay Area Mentorship Program - Meeting #1

San Francisco

December 1

[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

= Mentorship Program =
OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.

[https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:California]]
[[Category:OWASP Chapter]]

Bay Area

2015-11-20T17:53:58Z

MichaelCoates:

= Chapter Meetings =

Bay Area OWASP Chapter meetings are posted on meetup! Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for all chapter event information.

{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
==== 2014 Past Events ====
* December 2014 - San Francisco @ Mozilla
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
** Jasvir Nagra, Google - Firing Bots at Bugs
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
* August 2014 - San Francisco @ Lookout
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
*May 2014 - Redwood City @ Evernote
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
** Arshad Noor - CTO, StrongAuth
** Rich Tener - Director of Security, Evernote
* March 2014 - San Francisco @ Stripe
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
** Hosted by [https://stripe.com/ Stripe]<br>
* Feb 2014 - San Jose @ Jillians
** OWASP Developer Training & Social Hour - Monday 2/24/2013
** Hosted by OWASP at Jillian's Billiards Club
*Feb 2014 - Special Free Training Event
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
*Jan 2014 - San Jose @ F5
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
** Hosted by [http://www.f5.com/ F5]
==== 2013 Past Events ====
*Dec 2013 - San Francisco @ Twilio
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
** Hosted by [http://www.twilio.com/ Twilio]
*Nov 2013 - San Francisco @ LendingClub
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
** Hosted by [https://www.lendingclub.com/ LendingClub]
* Sept 2013 - Mt View @ Shape Security
** OWASP Social Hour in Mountain View - Wednesday 9/25/13
** Hosted by [http://www.shapesecurity.com/ Shape Security]
*July 2013 - Berkeley @ University of Berkely
** OWASP Presentation Meeting
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
** "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
* Astha Singhal
* Katherine Carpenter
* Siva Yenamareddy

= Mentorship Program =
OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.

[https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]

[[Category:California]]
[[Category:OWASP Chapter]]

October 14, 2015

2015-10-14T18:43:01Z

MichaelCoates: /* New Business */

Main Page

2015-09-30T21:47:06Z

MichaelCoates:

<div style="font-size:7pt;">
<div align="center">
</div></div>



{|style="width:100%;background-color:#C4D7ED;border:1px solid #183152"
|style="width:56%;color:#000"|

{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;color:#000" |
<IfLanguage Is="en">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">the free and open software security community</div>
</IfLanguage>
<IfLanguage Is="es">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Bienvenido a [[About The Open Web Application Security Project/es|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">la comunidad libre y abierta sobre seguridad en aplicaciones</div>
</IfLanguage>
|}


|style="width:110px;font-size:95%;color:#000"|
*[https://www.owasp.org/index.php/OWASP_Dependency_Check Dependency Check]
|style="width:180px;font-size:95%"|
*[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP Proxy]
*[https://www.owasp.org/index.php/Cheat_Sheets Cheat Sheets]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Top Ten Project|Top 10]]
*[https://www.owasp.org/index.php/OWASP_OWTF OWTF]
*[[:Category:OWASP_Application_Security_Verification_Standard_Project |ASVS]]
*[[:Category:Software_Assurance_Maturity_Model|SAMM]]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Guide Project|Development Guide]]
*[https://www.owasp.org/index.php/OWASP_AppSensor_Project AppSensor]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Testing Project|Testing Guide]]
*[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project ModSecurity Ruleset]
|style="width:110px;font-size:95%"|
*'''[[:Category:OWASP_Project|More...]]'''

|} 

<center>
{|style="width:100%;background:none;"
|style="font-size:95%;text-align:left;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;color:#000"| [[Special:Statistics|Statistics]] '''·''' [https://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}
</center>


{|style="width:100%;border-spacing:8px;margin:0px -8px"


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Left Panel}}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Right Panel}}


|}

__NOTOC__ __NOEDITSECTION__

File:AppSecUSA-1.png

2015-09-15T05:23:48Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

Bay Area

2015-09-14T01:21:34Z

MichaelCoates:

= Chapter Meetings =

Bay Area OWASP Chapter meetings and posted on MEETUP! Please visit [http://www.meetup.com/Bay-Area-OWASP/ http://www.meetup.com/Bay-Area-OWASP/] for more information.

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==
==== 2015 Past Events ====
Can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]

==== December 2014 - San Francisco @ Mozilla ====
OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>

* Jasvir Nagra, Google - Firing Bots at Bugs
* Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
* Ben Hagen
* Neal Mueller
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]

= Mentorship Program =
OWASP Bay Area is launching a mentorship program to match university students and those new to the application security field with established AppSec professionals.

[https://docs.google.com/a/owasp.org/forms/d/1AYOgpqJ6hRYL_kURX5x5DrG6kdDweiQupJvOQZHV2gs/edit Submit your information] if you're interested in participating.

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

File:AppSecUSA-1.png

2015-08-07T01:34:05Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

August 12, 2015

2015-08-04T17:24:08Z

MichaelCoates: /* New Business */

Main Page

2015-07-30T01:29:14Z

MichaelCoates:

<div style="font-size:7pt;">
<div align="center">
</div></div>
[[File:AppSecUSA-1.png |link=https://2015.appsecusa.org/ ]]


{|style="width:100%;background-color:#C4D7ED;border:1px solid #183152"
|style="width:56%;color:#000"|

{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;color:#000" |
<IfLanguage Is="en">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">the free and open software security community</div>
</IfLanguage>
<IfLanguage Is="es">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Bienvenido a [[About The Open Web Application Security Project/es|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">la comunidad libre y abierta sobre seguridad en aplicaciones</div>
</IfLanguage>
|}


|style="width:110px;font-size:95%;color:#000"|
*[https://www.owasp.org/index.php/OWASP_Dependency_Check Dependency Check]
|style="width:180px;font-size:95%"|
*[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP Proxy]
*[https://www.owasp.org/index.php/Cheat_Sheets Cheat Sheets]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Top Ten Project|Top 10]]
*[https://www.owasp.org/index.php/OWASP_OWTF OWTF]
*[[:Category:OWASP_Application_Security_Verification_Standard_Project |ASVS]]
*[[:Category:Software_Assurance_Maturity_Model|SAMM]]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Guide Project|Development Guide]]
*[https://www.owasp.org/index.php/OWASP_AppSensor_Project AppSensor]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Testing Project|Testing Guide]]
*[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project ModSecurity Ruleset]
|style="width:110px;font-size:95%"|
*'''[[:Category:OWASP_Project|More...]]'''

|} 

<center>
{|style="width:100%;background:none;"
|style="font-size:95%;text-align:left;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;color:#000"| [[Special:Statistics|Statistics]] '''·''' [https://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}
</center>


{|style="width:100%;border-spacing:8px;margin:0px -8px"


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Left Panel}}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Right Panel}}


|}

__NOTOC__ __NOEDITSECTION__

File:AppSecUSA-1.png

2015-07-30T01:04:41Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

File:AppSecUSA-1.png

2015-07-28T17:19:53Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

File:AppSecUSA-1.png

2015-07-24T23:42:11Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

File:AppSecUSA-1.png

2015-07-24T23:40:51Z

MichaelCoates: MichaelCoates uploaded a new version of "File:AppSecUSA-1.png"

Main Page

2015-07-24T21:55:28Z

MichaelCoates: Adding AppSecUSA Banner as previously discussed w/planners & board

<div style="font-size:7pt;">
<div align="center">
</div></div>
[[File:AppSecUSA-1.png |link=https://2015.appsecusa.org/buy/ ]]


{|style="width:100%;background-color:#C4D7ED;border:1px solid #183152"
|style="width:56%;color:#000"|

{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;color:#000" |
<IfLanguage Is="en">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">the free and open software security community</div>
</IfLanguage>
<IfLanguage Is="es">
<div style="font-size:162%;border:none;margin: 0;color:#000">'''Bienvenido a [[About The Open Web Application Security Project/es|OWASP]]'''</div><div style="top:+0.2em;font-size: 95%">la comunidad libre y abierta sobre seguridad en aplicaciones</div>
</IfLanguage>
|}


|style="width:110px;font-size:95%;color:#000"|
*[https://www.owasp.org/index.php/OWASP_Dependency_Check Dependency Check]
|style="width:180px;font-size:95%"|
*[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP Proxy]
*[https://www.owasp.org/index.php/Cheat_Sheets Cheat Sheets]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Top Ten Project|Top 10]]
*[https://www.owasp.org/index.php/OWASP_OWTF OWTF]
*[[:Category:OWASP_Application_Security_Verification_Standard_Project |ASVS]]
*[[:Category:Software_Assurance_Maturity_Model|SAMM]]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Guide Project|Development Guide]]
*[https://www.owasp.org/index.php/OWASP_AppSensor_Project AppSensor]
|style="width:180px;font-size:95%"|
*[[:Category:OWASP Testing Project|Testing Guide]]
*[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project ModSecurity Ruleset]
|style="width:110px;font-size:95%"|
*'''[[:Category:OWASP_Project|More...]]'''

|} 

<center>
{|style="width:100%;background:none;"
|style="font-size:95%;text-align:left;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;color:#000"| [[Special:Statistics|Statistics]] '''·''' [https://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}
</center>


{|style="width:100%;border-spacing:8px;margin:0px -8px"


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Left Panel}}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|{{Main Right Panel}}


|}

__NOTOC__ __NOEDITSECTION__

File:AppSecUSA-1.png

2015-07-24T21:52:53Z

MichaelCoates:

User:MichaelCoates

2015-07-23T19:32:00Z

MichaelCoates:

List of all edits to the OWASP wiki: [[:Special:Contributions/MichaelCoates|click here]].

'''Michael Coates''' - [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Global_Board_Members Global Board Member]

[[Image:MichaelCoates-OWASP.jpg|100px]]

Contact at : Michael.Coates [at] owasp.org

Blog: http://michael-coates.blogspot.com

Twitter:[https://twitter.com/_mwc @_mwc]

=About=

==OWASP Involvement==
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Global_Board_Members OWASP Board] - Elected September, 2011

[[:Category:OWASP_AppSensor_Project|AppSensor]] - Project Lead, project started Summer of Code 2008

[[Global_Membership_Committee]] - Member since committee inception November, 2008

[[Top_10_2010| OWASP Top 10 2010]] - Recognized Contributor

[[Transport_Layer_Protection_Cheat_Sheet| OWASP Transport Layer Protection Cheat Sheet]] - Author

[https://www.owasp.org/index.php/Special:Contributions/MichaelCoates| Wiki Contributions]

Speaker at following OWASP conferences/events:

* OWASP Minneapolis Chapter, 2011
* OWASP San Antonio Chapter, 2011
* OWASP World Summit - Portugal, 2011
* OWASP AppSec USA California, 2010
* OWASP Northern Virginia Chapter, 2010
* OWASP Chicago Chapter, 2009
* OWASP AppSec EU Poland, 2009
* OWASP World Summit - Portugal, 2008

Full conference speaking history [http://michael-coates.blogspot.com/p/speaking-events.html here]

==Bio==

Michael Coates is the Chairman of the OWASP board. In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities.

Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks.

Previously, Michael was the Director of Security Assurance at Mozilla where he founded and grew the Security Assurance and Web Security programs to 25 people.

Throughout Michael's career he has advised major corporations and governments on secure architecture and software security. He’s also performed hundreds of technical security assessments for financial, enterprise, and cellular
customers worldwide. Michael also maintains a security blog at michael-coates.blogspot.com

Michael holds a Master of Science degree in Computer, Information and Network Security from DePaul University and a Bachelor of Science degree in Computer Science from the University of Illinois at Urbana-Champaign.

==History==

A bit more in my own words...

My day job is at Shape Security - an exciting startup in the heart of silicon valley. Here we're evaluating how applications are compromised and building new approaches to fundamentally change the model of defending applications. This is an exciting role where I focus on the secure design of our product and also evaluating the threat space to educate and understand risks facing large applications.

I previously worked at Mozilla, a company of 900+ people with a massive footprint with over 450 million users. Here I was responsible for the Mozilla security program. This included security of Firefox, all web applications, servers and infrastructure. As part of this role we led threat modeling, secure design, training, testing and continual security maintenance. Security can be tough, and perhaps one of the most interesting challenges is designing security solutions that scale and are usable to such a massive number of people.

Security is what I do. Like many of us in the security industry, this is more than just a means of employment, it's a hobby and a passion. Throughout my professional career I've had the opportunity to assess and secure a wide variety of systems. Straight out of college my career started in the risk division of a CPA firm. With a focus on financial institutions, our security team performed traditional no knowledge black box penetration assessments, internal network assessments, and even social engineering. Some of my best security stories involve the stories and persona I invented in order to talk my way into the bank's vault or server room (all part of the approved engagement of course).

My next opportunity led me to a major telecommunication and mobile company. I had the opportunity to work in the security operations center for a period of time where I gain an eye opening experience being on the "other side of the fence". Tasked with defending and investing attacks on a network of 150K seats, there was never a dull moment. I also had the opportunity to transition into the consulting division where I performed secure architecture design review on mobile and telecommunications networks. Another great security story involved an assessment where, with just a tethered cell phone and an international data connection, I was able to gain full control of the data service for the targeted mobile provider in Asia.

I was fortunate enough to land a spot in a top-notch application security consulting firm. With this company I was able to focus every day on threat modeling, code review and web application penetration assessments for the most critical applications in the world. From working on major financial systems to voting devices, I had a chance to really see it all.

Don't get me wrong, the deep dive into the technical items is great. I've done it for years. But the key item has been translating these technical issues into the overall risk to the business and users. Managing risk is the driving factor for everything that we end up doing in security.

=OWASP Board Candidate 2011=

'''My Vision For OWASP'''

Technology is changing at a rapid pace and security plays a vital role in the technology ecosystem. Security should not be seen as a blockade to innovation; instead, security can be leveraged to allow our technology to do more than we ever realized. OWASP is well poised to provide the advanced security knowledge, tools and training to empower companies to integrate security as a product differentiator and impetus for technology advancement.

My vision for OWASP includes a board that creates opportunities and acts as a catalyst for OWASP projects and the advancement of the OWASP mission. OWASP is powerful because of the massive expertise that we contain from all of our contributors around the world. I believe that the OWASP board should provide the necessary resources, technologies, funding and support for OWASP contributors to be successful in growing security technology, addressing security challenges and sharing these skills with the world.

In addition, I feel the OWASP board should work to help OWASP identify key challenges that should be focused upon in a planned period of time. The combination of addressing an identified security challenge and continued support for individual project growth will allow OWASP to both leverages our collective expertise and also support organic individual project growth. I believe this two-pronged approach will allow OWASP to continue to grow and create world-class security resources.

The following areas are key positions that I hold and represent the direction I wish to pursue on the OWASP board:

* '''Breaking out of the Echo Chamber''': OWASP should focus on working with people that have never heard of OWASP before. I plan to build the necessary presentations, tools and funding to get OWASP members at college campuses and developer conferences to teach OWASP materials.

* '''Funding''': OWASP is a non-profit and is powered by our mission and our volunteers. However, we can do more if we have the necessary resources to dream big. I plan to pursue grants and funding that enable OWASP to do more to spread our knowledge and advance our mission.

* '''Integration with Enterprises''': As a security professional employed at a major technology company I wish to further expand OWASP's involvement with corporate entities to address the core risks and challenges they are facing. This involves sitting down with these industries through our global committees and identifying their needs and how we can help meet them.

* '''Community and Open''': I strongly believe in the O in OWASP. Like the web, security should be open and available to all. The power of OWASP lies in the individuals that donate their time and skills. I plan to grow our community and identify ways we can further strengthen the worldwide community.

July 22, 2015

2015-07-22T21:52:38Z

MichaelCoates: /* New Business */

June 24, 2015

2015-07-22T21:52:30Z

MichaelCoates: /* New Business */ added to wrong month

June 24, 2015

2015-07-22T21:10:28Z

MichaelCoates: /* New Business */

March 25, 2015

2015-03-25T00:36:51Z

MichaelCoates: /* New Business */

Bay Area

2015-01-13T06:55:44Z

MichaelCoates: /* Where */

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= Next Event=
Wednesday, January 21, 2015 - Redwood City @ Synack

OWASP Chapter Meeting in Redwood City hosted by [https://www.synack.com/ Synack]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/219158654/ RSVP on Meetup]<br>
====When====

* Wednesday, Jan 21
* 5:45 pm - 8:00 pm

====Where====

Synack
[https://goo.gl/maps/Dmkzr 1600 Seaport Boulevard, Redwood City, CA]
Building - #170 North

====Agenda====

5:45-6:30 pm - Networking with Drinks & Food <br>
6:30-7:10 : Michael Barrett - FIDO Alliance v1.0 UAF & U2F <br>
7:15-7:55 : Scott Behrens - The Joy Of Intelligent Proactive Security <br>
8:00-8:20 : More food, drink, and security "hallway con" <br>

====Speakers====

* Michael Barrett, Stealth Startup & FIDO Alliance
* Scott Behrens, Netflix

===== Michael Barrett, Stealth Startup & FIDO Alliance =====
'''FIDO Alliance v1.0 UAF & U2F'''

The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.

On December 9, 2014 FIDO published final 1.0 drafts of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

'''Michael Barrett''' is the CEO of an early stage startup in the enterprise security space. (“We’re in stealth mode - if I told you, I’d have to shoot you...”)

Previously, Barrett was President of the FIDO Alliance, an open standards consortium that is reimagining authentication on mobile devices and the Internet. He serves on the board of directors of StopBadWare, a 501(c)(3) Berkman Center spin out organization dedicated to mitigating the impact of malware on businesses and individuals.

From 2006 to 2013, Barrett was the Chief Information Security Officer for PayPal. In this role, he was responsible for ensuring the security of PayPal’s 130+ million accounts worldwide. He oversaw the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information, and led a team of roughly 100 people.

===== Scott Behrens, Netflix=====
'''The Joy Of Intelligent Proactive Security '''

Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US's downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security.

This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real world cases where intelligent proactive security has simplified Netflix's response time for identifying, responding to, and remediating security issues.

We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center.

Attendees will leave this talk with real world strategies, techniques, and Netflix open source tools they can use in their own organizations.

'''Scott Behrens''' is a security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, Chicago Bsides, and a handful of other security conferences.

<br><br>
'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==

==== December 2014 - San Francisco @ Mozilla ====
OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>

* Jasvir Nagra, Google - Firing Bots at Bugs
* Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]
*[mailto:cory@crazypenguin.com Cory Scott]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

Bay Area

2015-01-13T06:54:16Z

MichaelCoates: /* Next Event */

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= Next Event=
Wednesday, January 21, 2015 - Redwood City @ Synack

OWASP Chapter Meeting in Redwood City hosted by [https://www.synack.com/ Synack]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/219158654/ RSVP on Meetup]<br>
====When====

* Wednesday, Jan 21
* 5:45 pm - 8:00 pm

====Where====

[https://goo.gl/maps/iQIKh Mozilla, 2 Harrison St, San Francisco, CA 94105]

====Agenda====

5:45-6:30 pm - Networking with Drinks & Food <br>
6:30-7:10 : Michael Barrett - FIDO Alliance v1.0 UAF & U2F <br>
7:15-7:55 : Scott Behrens - The Joy Of Intelligent Proactive Security <br>
8:00-8:20 : More food, drink, and security "hallway con" <br>

====Speakers====

* Michael Barrett, Stealth Startup & FIDO Alliance
* Scott Behrens, Netflix

===== Michael Barrett, Stealth Startup & FIDO Alliance =====
'''FIDO Alliance v1.0 UAF & U2F'''

The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.

On December 9, 2014 FIDO published final 1.0 drafts of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

'''Michael Barrett''' is the CEO of an early stage startup in the enterprise security space. (“We’re in stealth mode - if I told you, I’d have to shoot you...”)

Previously, Barrett was President of the FIDO Alliance, an open standards consortium that is reimagining authentication on mobile devices and the Internet. He serves on the board of directors of StopBadWare, a 501(c)(3) Berkman Center spin out organization dedicated to mitigating the impact of malware on businesses and individuals.

From 2006 to 2013, Barrett was the Chief Information Security Officer for PayPal. In this role, he was responsible for ensuring the security of PayPal’s 130+ million accounts worldwide. He oversaw the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information, and led a team of roughly 100 people.

===== Scott Behrens, Netflix=====
'''The Joy Of Intelligent Proactive Security '''

Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US's downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security.

This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real world cases where intelligent proactive security has simplified Netflix's response time for identifying, responding to, and remediating security issues.

We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center.

Attendees will leave this talk with real world strategies, techniques, and Netflix open source tools they can use in their own organizations.

'''Scott Behrens''' is a security evangelists at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, Chicago Bsides, and a handful of other security conferences.

<br><br>
'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==

==== December 2014 - San Francisco @ Mozilla ====
OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>

* Jasvir Nagra, Google - Firing Bots at Bugs
* Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]
*[mailto:cory@crazypenguin.com Cory Scott]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

Bay Area

2015-01-13T06:49:35Z

MichaelCoates: /* Past Events */

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= Next Event=
Wednesday, December 10, 2014 - San Francisco @ Mozilla

OWASP Chapter Meeting in San Francisco hosted by [https://www.mozilla.org/en-US/ Mozilla]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/218988323/ RSVP on Meetup]<br>
====When====

* Wednesday, Dec 10
* 5:30 pm - 8:00 pm

====Where====

[https://goo.gl/maps/iQIKh Mozilla, 2 Harrison St, San Francisco, CA 94105]

====Agenda====

5:30-6:15 pm - Networking with Drinks & Food<br>
6:15-6:45 : Speaker: Jasvir Nagra, Google <br>
7:00-7:30 : Speaker: Sergey Shekyan & Bei Zhang, Shape Security <br>
7:30-8:00 : More food, drink, and security "hallway con"<br>

====Speakers====

* Jasvir Nagra, Google
* Sergey Shekyan & Bei Zhang, Shape Security

===== Jasvir Nagra, Google =====
'''Firing Bots at Bugs'''

It remains all too easy to find simple security vulnerabilities in many web applications. Why is it so hard to automatically find vulnerabilities when finding them manually remains so relatively easy? In this talk, we’ll share some of gotchas that we’ve run into scanning for web security bugs at Google, armed with a 'firing squad' of examples. We'll then walk through some of the solutions we've come up with, and finish up with a few unsolved problems which remain that really make web vulnerability scanning a hard (but fun!) problem to work on.

Jasvir Nagra is a security engineer at Google dedicated to making the web vulnerability-free. He has led the design and implementation of Caja, a pure JavaScript sandbox. Previously, he co-authored Surreptitious Software, a book on obfuscation, software watermarking and tamper-proofing; and built autonomous soccer-playing robots. These days he builds web application scanners that work at scale

===== Sergey Shekyan & Bei Zhang, Shape Security=====
'''Headless Browsers Hide and Seek'''

Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service.

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked at the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.
<br><br>
'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==

==== December 2014 - San Francisco @ Mozilla ====
OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>

* Jasvir Nagra, Google - Firing Bots at Bugs
* Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]
*[mailto:cory@crazypenguin.com Cory Scott]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

December 10, 2014

2014-12-10T01:51:15Z

MichaelCoates: /* New Business */

December 10, 2014

2014-12-10T01:48:02Z

MichaelCoates: /* Old Business */

December 10, 2014

2014-12-10T01:43:57Z

MichaelCoates: /* Old Business */

December 10, 2014

2014-12-10T01:43:41Z

MichaelCoates: /* New Business */

December 10, 2014

2014-12-10T01:38:43Z

MichaelCoates: /* New Business */

Bay Area

2014-12-03T19:23:39Z

MichaelCoates: /* Sergey Shekyan & Bei Zhang, Shape Security */

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= Next Event=
Wednesday, December 10, 2014 - San Francisco @ Mozilla

OWASP Chapter Meeting in San Francisco hosted by [https://www.mozilla.org/en-US/ Mozilla]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/218988323/ RSVP on Meetup]<br>
====When====

* Wednesday, Dec 10
* 5:30 pm - 8:00 pm

====Where====

[https://goo.gl/maps/iQIKh Mozilla, 2 Harrison St, San Francisco, CA 94105]

====Agenda====

5:30-6:15 pm - Networking with Drinks & Food<br>
6:15-6:45 : Speaker: Jasvir Nagra, Google <br>
7:00-7:30 : Speaker: Sergey Shekyan & Bei Zhang, Shape Security <br>
7:30-8:00 : More food, drink, and security "hallway con"<br>

====Speakers====

* Jasvir Nagra, Google
* Sergey Shekyan & Bei Zhang, Shape Security

===== Jasvir Nagra, Google =====
'''Firing Bots at Bugs'''

It remains all too easy to find simple security vulnerabilities in many web applications. Why is it so hard to automatically find vulnerabilities when finding them manually remains so relatively easy? In this talk, we’ll share some of gotchas that we’ve run into scanning for web security bugs at Google, armed with a 'firing squad' of examples. We'll then walk through some of the solutions we've come up with, and finish up with a few unsolved problems which remain that really make web vulnerability scanning a hard (but fun!) problem to work on.

Jasvir Nagra is a security engineer at Google dedicated to making the web vulnerability-free. He has led the design and implementation of Caja, a pure JavaScript sandbox. Previously, he co-authored Surreptitious Software, a book on obfuscation, software watermarking and tamper-proofing; and built autonomous soccer-playing robots. These days he builds web application scanners that work at scale

===== Sergey Shekyan & Bei Zhang, Shape Security=====
'''Headless Browsers Hide and Seek'''

Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service.

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked at the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.
<br><br>
'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]
*[mailto:cory@crazypenguin.com Cory Scott]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

Bay Area

2014-12-03T19:23:20Z

MichaelCoates: /* Jasvir Nagra, Google */

[[File:2015AppSecUSA-SF.png|400px|thumb|alt=Register Now!|link=https://2015.appsecusa.org]]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}

[[File:OWASP-Bay-Area-Aug-2014.png]]

150+ attendees at the OWASP Bay Area meeting in August, 2014

Picture is @BenHagen talking about cloud security and applications

= Next Event=
Wednesday, December 10, 2014 - San Francisco @ Mozilla

OWASP Chapter Meeting in San Francisco hosted by [https://www.mozilla.org/en-US/ Mozilla]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/218988323/ RSVP on Meetup]<br>
====When====

* Wednesday, Dec 10
* 5:30 pm - 8:00 pm

====Where====

[https://goo.gl/maps/iQIKh Mozilla, 2 Harrison St, San Francisco, CA 94105]

====Agenda====

5:30-6:15 pm - Networking with Drinks & Food<br>
6:15-6:45 : Speaker: Jasvir Nagra, Google <br>
7:00-7:30 : Speaker: Sergey Shekyan & Bei Zhang, Shape Security <br>
7:30-8:00 : More food, drink, and security "hallway con"<br>

====Speakers====

* Jasvir Nagra, Google
* Sergey Shekyan & Bei Zhang, Shape Security

===== Jasvir Nagra, Google =====
'''Firing Bots at Bugs'''

It remains all too easy to find simple security vulnerabilities in many web applications. Why is it so hard to automatically find vulnerabilities when finding them manually remains so relatively easy? In this talk, we’ll share some of gotchas that we’ve run into scanning for web security bugs at Google, armed with a 'firing squad' of examples. We'll then walk through some of the solutions we've come up with, and finish up with a few unsolved problems which remain that really make web vulnerability scanning a hard (but fun!) problem to work on.

Jasvir Nagra is a security engineer at Google dedicated to making the web vulnerability-free. He has led the design and implementation of Caja, a pure JavaScript sandbox. Previously, he co-authored Surreptitious Software, a book on obfuscation, software watermarking and tamper-proofing; and built autonomous soccer-playing robots. These days he builds web application scanners that work at scale

===== Sergey Shekyan & Bei Zhang, Shape Security=====
Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of the new generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on demand web application vulnerability scanning service.

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked at the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.
<br><br>
'''OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.'''''

= About OWASP Bay Area Chapter=
== Geographic Area of Bay Area Chapter ==

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

== Become a Presenter ==
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]

=== Notes about OWASP presentations ===
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

== Chapter Meetings ==

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

=== About Presentation Events ===
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

=== About OWASP Social Hours===
The purpose of the OWASP social gathering is:

* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
* Networking - meet other people in the field and industry
* After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact michael.coates@owasp.org

==Past Events==

==== August 2014 - San Francisco @ Lookout ====
OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>

* Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
* Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application

==== May 2014 - Redwood City @ Evernote ====
OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>

* Arshad Noor - CTO, StrongAuth
* Rich Tener - Director of Security, Evernote

==== March 2014 - San Francisco @ Stripe ====
OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
Hosted by [https://stripe.com/ Stripe]<br>

==== Feb 2014 - San Jose @ Jillians ====
OWASP Developer Training & Social Hour - Monday 2/24/2013
Hosted by OWASP at Jillian's Billiards Club

==== Feb 2014 - Special Free Training Event ====
OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

==== Jan 2014 - San Jose @ F5====
OWASP Social Hour in San Jose - Wednesday 1/22/2013
Hosted by [http://www.f5.com/ F5]

==== Dec 2013 - San Francisco @ Twilio ====
OWASP Social Hour in San Francisco - Thursday 12/19/2013
Hosted by [http://www.twilio.com/ Twilio]

==== Nov 2013 - San Francisco @ LendingClub ====
OWASP Social Hour in Mountain View - Wednesday 11/6/13
Hosted by [https://www.lendingclub.com/ LendingClub]

==== Sept 2013 - Mt View @ Shape Security====
OWASP Social Hour in Mountain View - Wednesday 9/25/13
Hosted by [http://www.shapesecurity.com/ Shape Security]

==== July 2013 - Berkeley @ University of Berkely====
OWASP Presentation Meeting

* An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
* "Putting Your Robots to Work", Twitter Security Team

==== Older Events ====
[[Bay Area Past Events]]

== Bay Area Chapter Leaders ==

*[[User:MichaelCoates | Michael Coates]]
*[mailto:teresa.ann.stevens2009@gmail.com Teresa Stevens]
*[mailto:cory@crazypenguin.com Cory Scott]

= Stay In Touch =
* All events will be listed on this webpage
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]

[[Category:California]]
[[Category:OWASP Chapter]]

International Toll Free Calling Information

2014-12-03T17:50:41Z

MichaelCoates:

'''Access Code: 184-789-686'''

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Argentina (toll-free): 0 800 444 3375

Austria: +43 (0) 7 2088 1047

Austria (toll-free): 0 800 202148

Australia: +61 2 8355 1020

Australia (toll-free): 1 800 193 385

Belgium: +32 (0) 28 08 4368

Belgium (toll-free): 0 800 26116

Brazil (toll-free): 0 800 047 4906

Belarus (toll-free): 8 820 0011 0214

Canada: +1 (647) 497-9353

Canada (toll-free): 1 888 455 1389

Switzerland: +41 (0) 435 0167 13

Switzerland (toll-free): 0 800 740 393

China (toll-free): 4008 811084

Czech Republic (toll-free): 800 500448

Germany: +49 (0) 811 8899 6903

Germany (toll-free): 0 800 184 4222

Denmark: +45 (0) 69 91 89 28

Denmark (toll-free): 8090 1924

Spain: +34 911 82 9906

Spain (toll-free): 800 900 582

Finland: +358 (0) 942 59 7850

Finland (toll-free): 0 800 94507

France: +33 (0) 170 950 594

France (toll-free): 0 805 541 047

United Kingdom: +44 (0) 20 7151 1853

United Kingdom (toll-free): 0 808 168 0229

Hong Kong SAR China (toll-free): 30713169

Indonesia (toll-free): 007 803 011 0395

Ireland: +353 (0) 19 030 010

Ireland (toll-free): 1 800 946 538

Israel (toll-free): 1 809 212 875

India (toll-free): 000 800 100 7855

Iceland (toll-free): 800 9869

Italy: +39 0 247 92 13 01

Italy (toll-free): 800 906959

Japan (toll-free): 0 120 663 800

Luxembourg (toll-free): 800 22104

Mexico (toll-free): 01 800 925 0372

Malaysia (toll-free): 1 800 81 6851

Netherlands: +31 (0) 208 080 219

Netherlands (toll-free): 0 800 265 8469

Norway: +47 75 80 32 07

New Zealand: +64 (0) 9 280 6302

New Zealand (toll-free): 0 800 47 0011

Panama (toll-free): 00 800 226 8832

Peru (toll-free): 0 800 54682

Philippines (toll-free): 1 800 1651 0716

Poland (toll-free): 00 800 1213979

Portugal (toll-free): 800 784 461

Russia (toll-free): 810 800 29674011

Sweden: +46 (0) 852 500 186

Sweden (toll-free): 020 980 772

Singapore (toll-free): 800 101 2992

Thailand (toll-free): 001 800 658 131

Taiwan (toll-free): 0 800 666 854

Ukraine (toll-free): 0 800 50 0641

United States: +1 (224) 649-0001

United States (toll-free): 1 877 309 2073

Uruguay (toll-free): 000 413 598 4110

Vietnam (toll-free): 120 32 153

South Africa (toll-free): 0 800 555 447

'''Access Code: 184-789-686'''
Audio PIN: Shown after joining the meeting

Meeting ID: 184-789-686