==== When ====

16 March 2012 12:30 - 14:00

==== Where ====

ANZ, 833 Collins St, Docklands, Melbourne VIC 3008

Room Location: Core C

Please ask about OWASP at reception and they will direct you to the room (room: Core C).

The easiest way to get there is to hop on the tram number 48 or 11, on Collins St and go right to the end of Collins. Alternatively, walk down Collins St this is a walking distance . This will be the last stop.

 

==== Speaker ====

Andrew van der Stock

 

==== Topic ====

'''Die passwords, die!'''

It's 2012, and we're still getting passwords so very, very wrong.

Why do users choose ridiculous passwords? Marvel at real world stats!
Why do organisations allow ridiculous passwords? Cringe at the excuses!
Why do business owners prevent better choices? Rage against the status quo!
Why do risk managers resist the completely obvious? A supply of 2x4's will not be available because you cannot be trusted with the truth
Why do developers code the same bad patterns again and again? Rubber hoses will not be available for public safety reasons
Why do security professionals allow this to continue? We suck. We have failed. This failure will keep us paid until we retire.

Or will it?

If this was the real world, this is finger painting where getting paint on your face, the walls, your clothes, and in your hair is deemed a job well done.

This talk will go through the human factors relating to password security, and what can be done about it.

 

==== About the speaker ====
Andrew van der Stock is a member of the OWASP Global Chapter Committee. He has been working in the InfoSec Community in Australia and globally since 1998 and has established himself as highly respected consultant in Australia and in the USA. Andrew devotes much of his limited personal time to industry open source projects such as OWASP, and was the lead and author of some of the most used OWASP materials out there - OWASP Developer Guide 2.0, OWASP Top 10 2007, and is currently interested in helping the Application Security Verification Standard.
Andrew has performed security architecture, code reviews, software assurance, risk management, written policy, and performed penetration testing for clients in Australia and the USA for more than twelve years.
Andrew has returned from the USA in 2009 after consulting for global Fortune 500 organizations in over 25 states. Andrew has taught more than a thousand developers in AsiaPac and in the USA. He is an in demand speaker, with appearances at Ruxcon, Black Hat, OSCON, SAGE-AU, AusCERT, linux.conf.au and OWASP AU and OWASP EU, he is seen as an authoritative source in software security, penetration testing and Policy & Governance. He is currently without a job, which is annoying, so if you want to help keep his daughter in Thomas the Tank Engine rides and cats in the luxurious lifestyle they are used to, please say hi at the meeting.

 

Hope to see you all there.

 OWASP Melbourne :)

Melbourne

2012-03-14T15:18:57Z

Serg: /* Quarterly Meeting */

Melbourne

2012-03-14T15:18:14Z

Serg: /* Quarterly Meeting */

Melbourne

2012-03-14T15:18:00Z

Serg: /* Quarterly Meeting */

Melbourne/meetings/09dec2011

2011-12-05T12:38:19Z

Serg:

==== When ====

09 December 2011 14:00 - 16:00

==== Where ====

ANZ, 833 Collins St, Docklands, Melbourne VIC 3008

Room Location: Core C

Please ask about OWASP at reception and they will direct you to the room (room: Core C).

The easiest way to get there is to hop on the tram number 48 or 11, on Collins St and go right to the end of Collins. Alternatively, walk down Collins St this is a walking distance . This will be the last stop.

 

==== Speaker ====

Jacob West

 

==== Topic ====

'''Creating secure code requires more than just good intentions'''

Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

- The most common security shortcuts and why they lead to security failures 
- Why programmers are in the best position to get security right 
- Where to look for security problems 
- How static analysis helps 
- The critical attributes and algorithms that make or break a static analysis tool 
- The future of Secure Software 

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.

 

==== About the speaker ====

Jacob West is the Director of Security Research at Fortify Software where his team is responsible for building security knowledge into Fortifys products.

Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled “Secure Programming with Static Analysis”. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.

 

Hope to see you all there.

 OWASP Melbourne :)

Melbourne/meetings/09dec2011

2011-12-05T12:37:29Z

Serg: Created page with "==== When ==== 09 December 2011 14:00 - 16:00 ==== Where ==== ANZ, 833 Collins St, Docklands, Melbourne VIC 3008 Room Location: Core C Please ask about OWASP at receptio..."

==== When ====

09 December 2011 14:00 - 16:00

==== Where ====

ANZ, 833 Collins St, Docklands, Melbourne VIC 3008

Room Location: Core C

Please ask about OWASP at reception and they will direct you to the room (room: Core C).

The easiest way to get there is to hop on the tram number 48 or 11, on Collins St and go right to the end of Collins. Alternatively, walk down Collins St this is a walking distance . This will be the last stop.

 

==== Speaker ====

Jacob West

 

==== Topic ====

'''Creating secure code requires more than just good intentions'''

Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.

Highlights include:

- The most common security shortcuts and why they lead to security failures 
- Why programmers are in the best position to get security right 
- Where to look for security problems 
- How static analysis helps 
- The critical attributes and algorithms that make or break a static analysis tool 
- The future of Secure Software 

We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.

 

==== About the speaker ====

Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled “Secure Programming with Static Analysis”. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.

 

Hope to see you all there.

 OWASP Melbourne :)

2011-06-20T15:42:15Z

Serg: /* Quarterly Meeting */

Melbourne

2011-04-27T14:52:48Z

Serg:

Melbourne

2011-04-27T14:43:16Z

Serg:

2010-11-26T00:05:35Z

Serg:

{{Chapter Template|chaptername=Melbourne|extra=The chapter leaders are [mailto:ref001@gmail.com Richard Farrell], [mailto:serg@owasp.com Serg Belokamen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-australia|emailarchives=http://lists.owasp.org/pipermail/owasp-australia}}

<paypal>Melbourne</paypal>

== Thank You to our sponsors ==

A big thank you to the OWASP Melbourne chapter sponsors for providing ongoing support to our chapter. Thank You.

*'''[http://www.oreilly.com O'Reilly]'''
[[File:Ug_ad_250_viguy.gif]]
 

== Quarterly Meeting ==

''Coming soon...''

 

== Social Events ==

''Coming soon...''

[[Category:OWASP Chapter]]
[[Category:Australia]]