<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://wiki.owasp.org/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Robipapp</id>
		<title>OWASP - User contributions [en]</title>
		<link rel="self" type="application/atom+xml" href="https://wiki.owasp.org/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Robipapp"/>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php/Special:Contributions/Robipapp"/>
		<updated>2026-04-26T04:51:33Z</updated>
		<subtitle>User contributions</subtitle>
		<generator>MediaWiki 1.27.2</generator>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63427</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63427"/>
				<updated>2009-06-02T17:44:53Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* RSVP */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}&lt;br /&gt;
&lt;br /&gt;
==== Local News ====&lt;br /&gt;
&amp;lt;paypal&amp;gt;Bay Area&amp;lt;/paypal&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Chapter Meetings ====&lt;br /&gt;
==Date and Location==&lt;br /&gt;
&lt;br /&gt;
OWASP Meeting&lt;br /&gt;
Monday, June 22nd * 5:30 pm &lt;br /&gt;
San Francisco Federal Reserve Bank Office &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at the Federal Reserve Bank of San Francisco on Monday, June 22nd. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Please note, because of high security measures at the Federal Reserve Bank, pre-registration is REQUIRED, so you can be issued a badge before entering the meeting.'''&lt;br /&gt;
&lt;br /&gt;
http://www.eventbrite.com/event/355543440&lt;br /&gt;
&lt;br /&gt;
==Speakers==&lt;br /&gt;
&lt;br /&gt;
Presentation&lt;br /&gt;
This presentation will detail auditing and development techniques for exploits that target mobile phones, with a heavy emphasis on threats that come from the web. The auditing and exploit discovery will target Windows Mobile and Google Android devices.&lt;br /&gt;
&lt;br /&gt;
About the Speaker&lt;br /&gt;
Mr. Maynor has a strong background in application security, reverse engineering and exploit development. Before joining Accuvant, Dave cofounded Errata Security - a think tank organization that specializes in rapid application development and security research. Prior to Errata, Dave was the Senior Researcher for Secureworks and a research engineer with the ISS X-Force R&amp;amp;D team. A well recognized personality in the information security world, Dave is a popular author and has been featured in multiple publications over the last several years including Fox News, CNN, the Associated Press, Security Focus and a multitude of other information security news sources. Dave has been both a primary and contributing author to several industry leading security books including: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, Syngress Force Emerging Threat Analysis: From Mischief to Malicious, and War Driving and Wireless Penetration Testing.&lt;br /&gt;
Presentation&lt;br /&gt;
&lt;br /&gt;
Analyzing Web Malware&lt;br /&gt;
In this presentation, the state of Internet security will be discussed and some of the techniques and tools used to analyze JavaScript will be reviewed. There will be a use case review of gumblar.cn, which successfully injected redirects into upwards of 3,000 websites.&lt;br /&gt;
&lt;br /&gt;
Speaker&lt;br /&gt;
Jeremy Brotherton - Websense&lt;br /&gt;
&lt;br /&gt;
==RSVP==&lt;br /&gt;
'''REGISTER EARLY AS SEATING IS LIMITED'''&lt;br /&gt;
&lt;br /&gt;
http://www.eventbrite.com/event/355543440&lt;br /&gt;
&lt;br /&gt;
=Bay Area Past Events=&lt;br /&gt;
[[Bay Area Past Events]]&lt;br /&gt;
&lt;br /&gt;
==== Bay Area OWASP Chapter Leaders ====&lt;br /&gt;
*[mailto:brian@appsecconsulting.com Brian Bertacini]&lt;br /&gt;
*[http://garrettgee.com Garrett Gee]&lt;br /&gt;
*[mailto:mandeep@cenzic.com Mandeep Khera]&lt;br /&gt;
*[mailto:robipapp@yahoo.com Robi Papp]&lt;br /&gt;
__NOTOC__&lt;br /&gt;
&amp;lt;headertabs/&amp;gt;&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63426</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63426"/>
				<updated>2009-06-02T17:44:17Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Date and Location */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}&lt;br /&gt;
&lt;br /&gt;
==== Local News ====&lt;br /&gt;
&amp;lt;paypal&amp;gt;Bay Area&amp;lt;/paypal&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Chapter Meetings ====&lt;br /&gt;
==Date and Location==&lt;br /&gt;
&lt;br /&gt;
OWASP Meeting&lt;br /&gt;
Monday, June 22nd * 5:30 pm &lt;br /&gt;
San Francisco Federal Reserve Bank Office &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at the Federal Reserve Bank of San Francisco on Monday, June 22nd. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Please note, because of high security measures at the Federal Reserve Bank, pre-registration is REQUIRED, so you can be issued a badge before entering the meeting.'''&lt;br /&gt;
&lt;br /&gt;
http://www.eventbrite.com/event/355543440&lt;br /&gt;
&lt;br /&gt;
==Speakers==&lt;br /&gt;
&lt;br /&gt;
Presentation&lt;br /&gt;
This presentation will detail auditing and development techniques for exploits that target mobile phones, with a heavy emphasis on threats that come from the web. The auditing and exploit discovery will target Windows Mobile and Google Android devices.&lt;br /&gt;
&lt;br /&gt;
About the Speaker&lt;br /&gt;
Mr. Maynor has a strong background in application security, reverse engineering and exploit development. Before joining Accuvant, Dave cofounded Errata Security - a think tank organization that specializes in rapid application development and security research. Prior to Errata, Dave was the Senior Researcher for Secureworks and a research engineer with the ISS X-Force R&amp;amp;D team. A well recognized personality in the information security world, Dave is a popular author and has been featured in multiple publications over the last several years including Fox News, CNN, the Associated Press, Security Focus and a multitude of other information security news sources. Dave has been both a primary and contributing author to several industry leading security books including: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, Syngress Force Emerging Threat Analysis: From Mischief to Malicious, and War Driving and Wireless Penetration Testing.&lt;br /&gt;
Presentation&lt;br /&gt;
&lt;br /&gt;
Analyzing Web Malware&lt;br /&gt;
In this presentation, the state of Internet security will be discussed and some of the techniques and tools used to analyze JavaScript will be reviewed. There will be a use case review of gumblar.cn, which successfully injected redirects into upwards of 3,000 websites.&lt;br /&gt;
&lt;br /&gt;
Speaker&lt;br /&gt;
Jeremy Brotherton - Websense&lt;br /&gt;
&lt;br /&gt;
==RSVP==&lt;br /&gt;
'''REGISTER EARLY AS SEATING IS LIMITED'''&lt;br /&gt;
&lt;br /&gt;
Please RSVP at http://bayareaowasp.eventbrite.com&lt;br /&gt;
&lt;br /&gt;
=Bay Area Past Events=&lt;br /&gt;
[[Bay Area Past Events]]&lt;br /&gt;
&lt;br /&gt;
==== Bay Area OWASP Chapter Leaders ====&lt;br /&gt;
*[mailto:brian@appsecconsulting.com Brian Bertacini]&lt;br /&gt;
*[http://garrettgee.com Garrett Gee]&lt;br /&gt;
*[mailto:mandeep@cenzic.com Mandeep Khera]&lt;br /&gt;
*[mailto:robipapp@yahoo.com Robi Papp]&lt;br /&gt;
__NOTOC__&lt;br /&gt;
&amp;lt;headertabs/&amp;gt;&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63425</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63425"/>
				<updated>2009-06-02T17:37:34Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Speakers */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}&lt;br /&gt;
&lt;br /&gt;
==== Local News ====&lt;br /&gt;
&amp;lt;paypal&amp;gt;Bay Area&amp;lt;/paypal&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Chapter Meetings ====&lt;br /&gt;
==Date and Location==&lt;br /&gt;
   '''March 18th @ 6PM - Gap Inc'''&lt;br /&gt;
   Conference Center C&lt;br /&gt;
   2 Folsom Street,&lt;br /&gt;
   San Francisco, CA 94105&lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at Gap Inc in San Francisco on Wednesday, March 18th. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.&lt;br /&gt;
&lt;br /&gt;
Special thanks to Gap Inc for hosting this event and to ___, ___ for sponsoring.&lt;br /&gt;
&lt;br /&gt;
OWASP Meeting&lt;br /&gt;
Monday, June 22nd * 5:30 pm &lt;br /&gt;
San Francisco Federal Reserve Bank Office&lt;br /&gt;
&lt;br /&gt;
==Speakers==&lt;br /&gt;
&lt;br /&gt;
Presentation&lt;br /&gt;
This presentation will detail auditing and development techniques for exploits that target mobile phones, with a heavy emphasis on threats that come from the web. The auditing and exploit discovery will target Windows Mobile and Google Android devices.&lt;br /&gt;
&lt;br /&gt;
About the Speaker&lt;br /&gt;
Mr. Maynor has a strong background in application security, reverse engineering and exploit development. Before joining Accuvant, Dave cofounded Errata Security - a think tank organization that specializes in rapid application development and security research. Prior to Errata, Dave was the Senior Researcher for Secureworks and a research engineer with the ISS X-Force R&amp;amp;D team. A well recognized personality in the information security world, Dave is a popular author and has been featured in multiple publications over the last several years including Fox News, CNN, the Associated Press, Security Focus and a multitude of other information security news sources. Dave has been both a primary and contributing author to several industry leading security books including: Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, Syngress Force Emerging Threat Analysis: From Mischief to Malicious, and War Driving and Wireless Penetration Testing.&lt;br /&gt;
Presentation&lt;br /&gt;
&lt;br /&gt;
Analyzing Web Malware&lt;br /&gt;
In this presentation, the state of Internet security will be discussed and some of the techniques and tools used to analyze JavaScript will be reviewed. There will be a use case review of gumblar.cn, which successfully injected redirects into upwards of 3,000 websites.&lt;br /&gt;
&lt;br /&gt;
Speaker&lt;br /&gt;
Jeremy Brotherton - Websense&lt;br /&gt;
&lt;br /&gt;
==RSVP==&lt;br /&gt;
'''REGISTER EARLY AS SEATING IS LIMITED'''&lt;br /&gt;
&lt;br /&gt;
Please RSVP at http://bayareaowasp.eventbrite.com&lt;br /&gt;
&lt;br /&gt;
=Bay Area Past Events=&lt;br /&gt;
[[Bay Area Past Events]]&lt;br /&gt;
&lt;br /&gt;
==== Bay Area OWASP Chapter Leaders ====&lt;br /&gt;
*[mailto:brian@appsecconsulting.com Brian Bertacini]&lt;br /&gt;
*[http://garrettgee.com Garrett Gee]&lt;br /&gt;
*[mailto:mandeep@cenzic.com Mandeep Khera]&lt;br /&gt;
*[mailto:robipapp@yahoo.com Robi Papp]&lt;br /&gt;
__NOTOC__&lt;br /&gt;
&amp;lt;headertabs/&amp;gt;&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63424</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=63424"/>
				<updated>2009-06-02T17:36:53Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}&lt;br /&gt;
&lt;br /&gt;
==== Local News ====&lt;br /&gt;
&amp;lt;paypal&amp;gt;Bay Area&amp;lt;/paypal&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==== Chapter Meetings ====&lt;br /&gt;
==Date and Location==&lt;br /&gt;
   '''March 18th @ 6PM - Gap Inc'''&lt;br /&gt;
   Conference Center C&lt;br /&gt;
   2 Folsom Street,&lt;br /&gt;
   San Francisco, CA 94105&lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at Gap Inc in San Francisco on Wednesday, March 18th. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.&lt;br /&gt;
&lt;br /&gt;
Special thanks to Gap Inc for hosting this event and to ___, ___ for sponsoring.&lt;br /&gt;
&lt;br /&gt;
OWASP Meeting&lt;br /&gt;
Monday, June 22nd * 5:30 pm &lt;br /&gt;
San Francisco Federal Reserve Bank Office&lt;br /&gt;
&lt;br /&gt;
==Speakers==&lt;br /&gt;
&lt;br /&gt;
'''Back to the Future - Phishing and Malware''' by Brendan O'Connor, Salesforce.com&lt;br /&gt;
&lt;br /&gt;
Abstract:  The more things change, the more they stay the same.  We'll take a trip back in time to look at the phishing and anti-malware solutions of the past.  Why did they fail?  With companies investing hundreds of thousands of dollars  or more in these solutions, what does the future of this space look like and what tricks can you apply to stay one step ahead?&lt;br /&gt;
&lt;br /&gt;
Bio:  Brendan O'Connor is originally from the Midwest, currently residing in the Bay Area as a security engineer.  He worked in security for a communications company for four years before switching to the financial sector in 2004 and onto Software as a Service in 2008.  Brendan currently works on the Product Security team at Salesforce.com, where his duties include vulnerability research, security architecture, and application security.&lt;br /&gt;
&lt;br /&gt;
'''Testing Methodologies:  White-box, Gray-Box, Black-box or Something Else''' by Kirk Greene, Accuvant&lt;br /&gt;
&lt;br /&gt;
Abstract:  In this presentation we will discuss the different testing methodologies used when assessing the security of both binary applications and web-based applications. We will focus on the differences and advantages as they relate to black-box testing, white-box testing, gray-box testing, reverse engineering, and fuzzing. Unfortunately, no one testing methodology provides the best balance of time and accuracy for every application; in this talk we will provide metrics to help decide which methodology should be used for which types of applications.&lt;br /&gt;
&lt;br /&gt;
Bio:  Kirk has been providing security consulting services for over a decade. Through that time Kirk has served clients in a variety of industries including federal and local government, healthcare, financial services, telecommunications, e-Commerce, fuel and natural gases, manufacturing, application service providers, gaming, Internet start-ups, and Internet service providers. In his tenure with Accuvant, Kirk has performed a variety of consulting and managerial responsibilities from developing and performing financial institution regulation audits to managing performing enterprise assessments for multi-national corporations. Kirk is a Certified Information Systems Security Professional (CISSP), ISS Certified Engineer, PCI Qualified Data Security Professional (QDSP), Qualified Payment Application Security Professional (QPASP).&lt;br /&gt;
&lt;br /&gt;
==RSVP==&lt;br /&gt;
'''REGISTER EARLY AS SEATING IS LIMITED'''&lt;br /&gt;
&lt;br /&gt;
Please RSVP at http://bayareaowasp.eventbrite.com&lt;br /&gt;
&lt;br /&gt;
=Bay Area Past Events=&lt;br /&gt;
[[Bay Area Past Events]]&lt;br /&gt;
&lt;br /&gt;
==== Bay Area OWASP Chapter Leaders ====&lt;br /&gt;
*[mailto:brian@appsecconsulting.com Brian Bertacini]&lt;br /&gt;
*[http://garrettgee.com Garrett Gee]&lt;br /&gt;
*[mailto:mandeep@cenzic.com Mandeep Khera]&lt;br /&gt;
*[mailto:robipapp@yahoo.com Robi Papp]&lt;br /&gt;
__NOTOC__&lt;br /&gt;
&amp;lt;headertabs/&amp;gt;&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24363</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24363"/>
				<updated>2008-01-11T04:09:00Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
'''January, 24th @ 6PM - PG&amp;amp;E Building'''&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at the Pacific Gas &amp;amp; Electric on Thursday, January 24.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.  &lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:'''&lt;br /&gt;
&lt;br /&gt;
6:00pm - 6:30pm ... Check-in and Holiday Reception (food &amp;amp; beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm - 7:15pm ... ''Securing Flash® &amp;amp; Flex® Applications'' – Erick Lee, Adobe Systems&lt;br /&gt;
&lt;br /&gt;
7:15pm - 8:00pm ... ''Application Security and PCI Compliance'' – Jim Cowing, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
8:00pm - 8:30pm ... Networking Session &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
Pacific Gas &amp;amp; Electric&lt;br /&gt;
245 Market Street&lt;br /&gt;
San Francisco, CA  94105&lt;br /&gt;
&lt;br /&gt;
''Securing Flash and Flex Applications''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' Erick Lee, Adobe Systems &lt;br /&gt;
&lt;br /&gt;
''Application Security and PCI Compliance''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' James Cowing, CPA, CISSP, QSA, QPASP, Managing Director, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''  Application security has greatly influenced the Payment Card Industry’s (PCI) efforts to reduce risk through the Data Security Standards. This talk will give you real-world experiences on how organizations are addressing the application security requirements and what is coming in the near future.  Topics will include:&lt;br /&gt;
&lt;br /&gt;
·         PCI DSS Requirement 6: “Develop and maintain secure systems and applications” (with special attention to the June 30th deadline for Application firewalls) &lt;br /&gt;
&lt;br /&gt;
·         How the new Payment Application Data Security Standard (PA-DSS), reported to release this calendar quarter, affects merchants, service providers and the application development community&lt;br /&gt;
&lt;br /&gt;
·         Requirements for testing including application-layer penetration tests&lt;br /&gt;
&lt;br /&gt;
'''Bio:''' As the original founder of DRG in 1997, James Cowing leads DRG's Information Security Consulting practice. With over ten years of security consulting experience and twenty years of financial services industry experience, Mr. Cowing has helped thousands of government, financial services, ecommerce, enterprise, and health care companies maneuver through the often complex and stringent security compliance requirements of their respective industry. Mr. Cowing is a seasoned payment card industry professional, renowned speaker and trusted security advisor to industry leading financial institutions, merchants, and service providers. He holds a CPA certification in California and Hawaii, an MBA in Finance and a BA from UCLA in Economics. Mr. Cowing served as the co-chair of the Security Committee for the Financial Services Technology Consortium (FSTC) and is currently a member of ISACA, ISSA, Computer Security Institute and the American Institute of Certified Public Accountants (AICPA) Information Technology Division.&lt;br /&gt;
&lt;br /&gt;
Please RSVP by responding to this email or visit ''http://owaspjan2008.eventbrite.com''&lt;br /&gt;
&lt;br /&gt;
Special thanks to Pacific Gas &amp;amp; Electric for hosting this event.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24362</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24362"/>
				<updated>2008-01-11T04:08:42Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
'''January, 24th @ 6PM - PG&amp;amp;E Building'''&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at the Pacific Gas &amp;amp; Electric on Thursday, January 24.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.  &lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:'''&lt;br /&gt;
6:00pm - 6:30pm ... Check-in and Holiday Reception (food &amp;amp; beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm - 7:15pm ... ''Securing Flash® &amp;amp; Flex® Applications'' – Erick Lee, Adobe Systems&lt;br /&gt;
&lt;br /&gt;
7:15pm - 8:00pm ... ''Application Security and PCI Compliance'' – Jim Cowing, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
8:00pm - 8:30pm ... Networking Session &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
Pacific Gas &amp;amp; Electric&lt;br /&gt;
245 Market Street&lt;br /&gt;
San Francisco, CA  94105&lt;br /&gt;
&lt;br /&gt;
''Securing Flash and Flex Applications''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' Erick Lee, Adobe Systems &lt;br /&gt;
&lt;br /&gt;
''Application Security and PCI Compliance''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' James Cowing, CPA, CISSP, QSA, QPASP, Managing Director, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''  Application security has greatly influenced the Payment Card Industry’s (PCI) efforts to reduce risk through the Data Security Standards. This talk will give you real-world experiences on how organizations are addressing the application security requirements and what is coming in the near future.  Topics will include:&lt;br /&gt;
&lt;br /&gt;
·         PCI DSS Requirement 6: “Develop and maintain secure systems and applications” (with special attention to the June 30th deadline for Application firewalls) &lt;br /&gt;
&lt;br /&gt;
·         How the new Payment Application Data Security Standard (PA-DSS), reported to release this calendar quarter, affects merchants, service providers and the application development community&lt;br /&gt;
&lt;br /&gt;
·         Requirements for testing including application-layer penetration tests&lt;br /&gt;
&lt;br /&gt;
'''Bio:''' As the original founder of DRG in 1997, James Cowing leads DRG's Information Security Consulting practice. With over ten years of security consulting experience and twenty years of financial services industry experience, Mr. Cowing has helped thousands of government, financial services, ecommerce, enterprise, and health care companies maneuver through the often complex and stringent security compliance requirements of their respective industry. Mr. Cowing is a seasoned payment card industry professional, renowned speaker and trusted security advisor to industry leading financial institutions, merchants, and service providers. He holds a CPA certification in California and Hawaii, an MBA in Finance and a BA from UCLA in Economics. Mr. Cowing served as the co-chair of the Security Committee for the Financial Services Technology Consortium (FSTC) and is currently a member of ISACA, ISSA, Computer Security Institute and the American Institute of Certified Public Accountants (AICPA) Information Technology Division.&lt;br /&gt;
&lt;br /&gt;
Please RSVP by responding to this email or visit ''http://owaspjan2008.eventbrite.com''&lt;br /&gt;
&lt;br /&gt;
Special thanks to Pacific Gas &amp;amp; Electric for hosting this event.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24361</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24361"/>
				<updated>2008-01-11T04:05:50Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Thursday, January, 24th*/&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
'''January, 24th @ 6PM - PG&amp;amp;E Building'''&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at the Pacific Gas &amp;amp; Electric on Thursday, January 24.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.  &lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:'''&lt;br /&gt;
6:00pm - 6:30pm ... Check-in and Holiday Reception (food &amp;amp; beverages)&lt;br /&gt;
6:30pm - 7:15pm ... ''Securing Flash® &amp;amp; Flex® Applications'' – Erick Lee, Adobe Systems&lt;br /&gt;
7:15pm - 8:00pm ... ''Application Security and PCI Compliance'' – Jim Cowing, Digital Resource Group&lt;br /&gt;
8:00pm - 8:30pm ... Networking Session &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
Pacific Gas &amp;amp; Electric&lt;br /&gt;
245 Market Street&lt;br /&gt;
San Francisco, CA  94105&lt;br /&gt;
&lt;br /&gt;
''Securing Flash and Flex Applications''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' Erick Lee, Adobe Systems &lt;br /&gt;
&lt;br /&gt;
''Application Security and PCI Compliance''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' James Cowing, CPA, CISSP, QSA, QPASP, Managing Director, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''  Application security has greatly influenced the Payment Card Industry’s (PCI) efforts to reduce risk through the Data Security Standards. This talk will give you real-world experiences on how organizations are addressing the application security requirements and what is coming in the near future.  Topics will include:&lt;br /&gt;
&lt;br /&gt;
·         PCI DSS Requirement 6: “Develop and maintain secure systems and applications” (with special attention to the June 30th deadline for Application firewalls) &lt;br /&gt;
&lt;br /&gt;
·         How the new Payment Application Data Security Standard (PA-DSS), reported to release this calendar quarter, affects merchants, service providers and the application development community&lt;br /&gt;
&lt;br /&gt;
·         Requirements for testing including application-layer penetration tests&lt;br /&gt;
&lt;br /&gt;
'''Bio:''' As the original founder of DRG in 1997, James Cowing leads DRG's Information Security Consulting practice. With over ten years of security consulting experience and twenty years of financial services industry experience, Mr. Cowing has helped thousands of government, financial services, ecommerce, enterprise, and health care companies maneuver through the often complex and stringent security compliance requirements of their respective industry. Mr. Cowing is a seasoned payment card industry professional, renowned speaker and trusted security advisor to industry leading financial institutions, merchants, and service providers. He holds a CPA certification in California and Hawaii, an MBA in Finance and a BA from UCLA in Economics. Mr. Cowing served as the co-chair of the Security Committee for the Financial Services Technology Consortium (FSTC) and is currently a member of ISACA, ISSA, Computer Security Institute and the American Institute of Certified Public Accountants (AICPA) Information Technology Division.&lt;br /&gt;
&lt;br /&gt;
Please RSVP by responding to this email or visit ''http://owaspjan2008.eventbrite.com''&lt;br /&gt;
&lt;br /&gt;
Special thanks to Pacific Gas &amp;amp; Electric for hosting this event.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24360</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=24360"/>
				<updated>2008-01-11T04:04:12Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Thursday, January, 24th*/&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
'''NEXT EVENT:  January 24th @ 6PM - PG&amp;amp;E Building'''&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
OWASP Bay Area will host its next meeting at Pacific Gas &amp;amp; Electric on Thursday, January 24.  As usual, attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.  &lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:'''&lt;br /&gt;
6:00pm - 6:30pm ... Check-in and Holiday Reception (food &amp;amp; beverages)&lt;br /&gt;
6:30pm - 7:15pm ... ''Securing Flash® &amp;amp; Flex® Applications'' – Erick Lee, Adobe Systems&lt;br /&gt;
7:15pm - 8:00pm ... ''Application Security and PCI Compliance'' – Jim Cowing, Digital Resource Group&lt;br /&gt;
8:00pm - 8:30pm ... Networking Session &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
Pacific Gas &amp;amp; Electric&lt;br /&gt;
245 Market Street&lt;br /&gt;
San Francisco, CA  94105&lt;br /&gt;
&lt;br /&gt;
''Securing Flash and Flex Applications''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' Erick Lee, Adobe Systems &lt;br /&gt;
&lt;br /&gt;
''Application Security and PCI Compliance''&lt;br /&gt;
&lt;br /&gt;
'''Presented by:''' James Cowing, CPA, CISSP, QSA, QPASP, Managing Director, Digital Resource Group&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''  Application security has greatly influenced the Payment Card Industry’s (PCI) efforts to reduce risk through the Data Security Standards. This talk will give you real world experiences on how organizations are addressing the application security requirements and what is coming in the near future.  Topics will include:&lt;br /&gt;
&lt;br /&gt;
·         PCI DSS Requirement 6: “Develop and maintain secure systems and applications” (with special attention to the June 30th deadline for Application firewalls) &lt;br /&gt;
&lt;br /&gt;
·         How the new Payment Application Data Security Standard (PA-DSS), reported to be released this calendar quarter, affects merchants, service providers and the application development community&lt;br /&gt;
&lt;br /&gt;
·         Requirements for testing including application-layer penetration tests&lt;br /&gt;
&lt;br /&gt;
'''Bio:''' As the original founder of DRG in 1997, James Cowing leads DRG's Information Security Consulting practice. With over ten years of security consulting experience and twenty years of financial services industry experience, Mr. Cowing has helped thousands of government, financial services, ecommerce, enterprise, and health care companies maneuver through the often complex and stringent security compliance requirements of their respective industry. Mr. Cowing is a seasoned payment card industry professional, renowned speaker and trusted security advisor to industry leading financial institutions, merchants, and service providers. He holds a CPA certification in California and Hawaii, an MBA in Finance and a BA from UCLA in Economics. Mr. Cowing served as the co-chair of the Security Committee for the Financial Services Technology Consortium (FSTC) and is currently a member of ISACA, ISSA, Computer Security Institute and the American Institute of Certified Public Accountants (AICPA) Information Technology Division.&lt;br /&gt;
&lt;br /&gt;
Please RSVP by responding to this email or visit ''http://owaspjan2008.eventbrite.com''&lt;br /&gt;
&lt;br /&gt;
Special thanks to Pacific Gas &amp;amp; Electric for hosting this event.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=22053</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=22053"/>
				<updated>2007-10-02T16:55:49Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
== Thursday, October 4th ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:''' &lt;br /&gt;
&lt;br /&gt;
6:00pm – 6:30pm           Check-in and Reception (food and beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm – 7:15pm           &amp;quot;ModSecurity - Open Source Web Application Firewall&amp;quot; - Ivan Ristic&lt;br /&gt;
&lt;br /&gt;
7:15pm – 7:30pm           Break &amp;amp; Networking Session&lt;br /&gt;
&lt;br /&gt;
7:30pm – 8:15pm           &amp;quot;An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business&amp;quot; - Neil Daswani&lt;br /&gt;
&lt;br /&gt;
8:15pm – 8:30pm           Q &amp;amp; A &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
&lt;br /&gt;
Golden Gate University&lt;br /&gt;
Room 2203&lt;br /&gt;
536 Mission Street &lt;br /&gt;
(Between 1st &amp;amp; 2nd Streets or Montgomery Street BART Station)&lt;br /&gt;
San Francisco, CA 94105-2968&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Please RSVP through this link:  http://www.eventbrite.com/event/74194919:&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
''“Open Source Web Application Firewall”'' by Ivan Ristic&lt;br /&gt;
 &lt;br /&gt;
'''Bio:'''&lt;br /&gt;
If we hear so much about web application firewalls and their role as a first line of defense in protecting our web applications, a large amount of credit has to go to Ivan Ristic. Ivan Ristic is the creator of ModSecurity (an open source web application firewall and intrusion detection/prevention engine). He started playing in the webappsec space sometime around 2002 and has been working in it seriously since 2004. Based out of London, UK, he works for Breach Security. He is currently in charge of the ModSecurity product line, which includes ModSecurity, sensor appliances based around it and management appliances. Ivan also wrote Apache Security for O'Reilly, a web security guide for administrators, system architects, and programmers. Prior to web application security, he worked as a developer, system architect and technical director in the software development industry.&lt;br /&gt;
&lt;br /&gt;
''“An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business”'' by Neil Daswani&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce.  It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them.  It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more. &lt;br /&gt;
&lt;br /&gt;
'''Bio:'''&lt;br /&gt;
Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21774</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21774"/>
				<updated>2007-09-15T00:43:19Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Thursday, October 4th */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
== Thursday, October 4th ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:''' &lt;br /&gt;
&lt;br /&gt;
6:00pm – 6:30pm           Check-in and Reception (food and beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm – 7:15pm           Fuzzing vs. Static Analysis - Jacob West&lt;br /&gt;
&lt;br /&gt;
7:15pm – 7:30pm           Break &amp;amp; Networking Session&lt;br /&gt;
&lt;br /&gt;
7:30pm – 8:15pm           An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business - Neil Daswani&lt;br /&gt;
&lt;br /&gt;
8:15pm – 8:30pm           Q &amp;amp; A &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
&lt;br /&gt;
Golden Gate University&lt;br /&gt;
Room 2203&lt;br /&gt;
536 Mission Street &lt;br /&gt;
(Between 1st &amp;amp; 2nd Streets or Montgomery Street BART Station)&lt;br /&gt;
San Francisco, CA 94105-2968&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Please RSVP through this link:  http://www.eventbrite.com/event/74194919:&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
''“Fuzzing vs. Static Analysis”'' by Jacob West&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
	This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time.&lt;br /&gt;
	The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible.  The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.&lt;br /&gt;
	 &lt;br /&gt;
'''Bio:'''&lt;br /&gt;
	Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &amp;quot;Secure Programming with Static Analysis,&amp;quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.&lt;br /&gt;
&lt;br /&gt;
''“An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business”'' by Neil Daswani&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce.  It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them.  It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more. &lt;br /&gt;
&lt;br /&gt;
'''Bio:'''&lt;br /&gt;
Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21773</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21773"/>
				<updated>2007-09-15T00:42:03Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Thursday, October 4th */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
== Thursday, October 4th ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:''' &lt;br /&gt;
&lt;br /&gt;
6:00pm – 6:30pm           Check-in and Reception (food and beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm – 7:15pm           Fuzzing vs. Static Analysis - Jacob West&lt;br /&gt;
&lt;br /&gt;
7:15pm – 7:30pm           Break &amp;amp; Networking Session&lt;br /&gt;
&lt;br /&gt;
7:30pm – 8:15pm           An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business - Neil Daswani&lt;br /&gt;
&lt;br /&gt;
8:15pm – 8:30pm           Q &amp;amp; A &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
&lt;br /&gt;
Golden Gate University&lt;br /&gt;
Room 2203&lt;br /&gt;
536 Mission Street &lt;br /&gt;
(Between 1st &amp;amp; 2nd Streets or Montgomery Street BART Station)&lt;br /&gt;
San Francisco, CA 94105-2968&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Please RSVP through this link:  http://www.eventbrite.com/event/74194919:&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
''“Fuzzing vs. Static Analysis”'' by Jacob West&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
	This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time.&lt;br /&gt;
	The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible.  The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.&lt;br /&gt;
	 &lt;br /&gt;
'''Bio:'''&lt;br /&gt;
	Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &amp;quot;Secure Programming with Static Analysis,&amp;quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.&lt;br /&gt;
&lt;br /&gt;
''“An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business”'' by Neil Daswani&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce.  It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them.  It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more. &lt;br /&gt;
&lt;br /&gt;
'''Bio:'''&lt;br /&gt;
Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21772</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21772"/>
				<updated>2007-09-15T00:31:19Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
== Thursday, October 4th ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:''' &lt;br /&gt;
&lt;br /&gt;
6:00pm – 6:30pm           Check-in and Reception (food and beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm – 7:15pm           Fuzzing vs. Static Analysis - Jacob West&lt;br /&gt;
&lt;br /&gt;
7:15pm – 7:30pm           Break &amp;amp; Networking Session&lt;br /&gt;
&lt;br /&gt;
7:30pm – 8:15pm           An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business - Neil Daswani&lt;br /&gt;
&lt;br /&gt;
8:15pm – 8:30pm           Q &amp;amp; A &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
&lt;br /&gt;
Golden Gate University&lt;br /&gt;
Room 2203&lt;br /&gt;
536 Mission Street &lt;br /&gt;
(Between 1st &amp;amp; 2nd Streets or Montgomery Street BART Station)&lt;br /&gt;
San Francisco, CA 94105-2968&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Please RSVP through this link:  http://www.eventbrite.com/event/74194919:&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
''“Fuzzing vs. Static Analysis”'' by Jacob West&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
	This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time.&lt;br /&gt;
	The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible.  The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.&lt;br /&gt;
	 &lt;br /&gt;
'''Bio:'''&lt;br /&gt;
	Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &amp;quot;Secure Programming with Static Analysis,&amp;quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.&lt;br /&gt;
&lt;br /&gt;
''“An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business”'' by Neil Daswani&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce.  It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them.  It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more. &lt;br /&gt;
&lt;br /&gt;
'''Bio:'''&lt;br /&gt;
Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	<entry>
		<id>https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21757</id>
		<title>Bay Area</title>
		<link rel="alternate" type="text/html" href="https://wiki.owasp.org/index.php?title=Bay_Area&amp;diff=21757"/>
				<updated>2007-09-14T23:47:44Z</updated>
		
		<summary type="html">&lt;p&gt;Robipapp: /* Next Chapter Meeting: Thursday  October 4th */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Chapter Template|chaptername=San Francisco|extra=The chapter leader is [mailto:robipapp@yahoo.com Robi Papp]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-sanfran|emailarchives=http://lists.owasp.org/pipermail/owasp-sanfran}}&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
NEXT EVENT:&lt;br /&gt;
&lt;br /&gt;
== Thursday, October 4th ==&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
'''Agenda and Presentations:''' &lt;br /&gt;
&lt;br /&gt;
6:00pm – 6:30pm           Check-in and Reception (food and beverages)&lt;br /&gt;
&lt;br /&gt;
6:30pm – 7:15pm           Fuzzing vs. Static Analysis - Jacob West&lt;br /&gt;
&lt;br /&gt;
7:15pm – 7:30pm           Break &amp;amp; Networking Session&lt;br /&gt;
&lt;br /&gt;
7:30pm – 8:15pm           An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business - Neil Daswani&lt;br /&gt;
&lt;br /&gt;
8:15pm – 8:30pm           Q &amp;amp; A &lt;br /&gt;
&lt;br /&gt;
'''Venue:'''&lt;br /&gt;
&lt;br /&gt;
Golden Gate University&lt;br /&gt;
Room 2203&lt;br /&gt;
536 Mission Street &lt;br /&gt;
(Between 1st &amp;amp; 2nd Streets or Montgomery Street BART Station)&lt;br /&gt;
San Francisco, CA 94105-2968&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
''“Fuzzing vs. Static Analysis”'' by Jacob West&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
	This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time.&lt;br /&gt;
	The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible.  The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.&lt;br /&gt;
	 &lt;br /&gt;
'''Bio:'''&lt;br /&gt;
	Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, &amp;quot;Secure Programming with Static Analysis,&amp;quot; which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.&lt;br /&gt;
&lt;br /&gt;
''“An Analysis of Emerging Security Vulnerabilities &amp;amp; the Impact to Business”'' by Neil Daswani&lt;br /&gt;
&lt;br /&gt;
'''Abstract:'''&lt;br /&gt;
This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce.  It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them.  It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more. &lt;br /&gt;
&lt;br /&gt;
'''Bio:'''&lt;br /&gt;
Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.&lt;/div&gt;</summary>
		<author><name>Robipapp</name></author>	</entry>

	</feed>