https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Tin+ZawOWASP - User contributions [en]2026-04-22T05:49:35ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Automated_Threats_to_Web_Applications&diff=228769OWASP Automated Threats to Web Applications2017-04-17T16:12:32Z<p>Tin Zaw: AppSec Cali 2017 uploaded</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Automated-threats-header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Automated Threats to Web Applications==<br />
<br />
The OWASP Automated Threats to Web Applications Project has completed a review of reports, academic and other papers, news stories and vulnerability taxonomies/listings to identify, name and classify these scenarios – automated by software causing a divergence from accepted behavior producing one or more undesirable effects on a web application, but excluding tool-based exploitation of single-issue vulnerabilities. The initial objective was to produce an ontology providing a common language for developers, architects, operators, business owners, security engineers, purchasers and suppliers/ vendors, to facilitate clear communication and help tackle the issues.<br />
The project also identifies symptoms, mitigations and controls in this problem area. Like all OWASP outputs, everything is free and published using an open source license.<br />
<br />
[https://www.owasp.org/index.php/File:Automation-project-briefing.pdf Two page summary project briefing as a PDF].<br />
<br />
== Description==<br />
<br />
Web applications are subjected to unwanted automated usage – day in, day out. Often these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is commonly mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the primary intent. Frequently these have sector-specific names. Most of these problems seen regularly by web application owners are not listed in any OWASP Top Ten or other top issue list. Furthermore, they are not enumerated or defined adequately in existing dictionaries. These factors have contributed to inadequate visibility, and an inconsistency in naming such threats, with a consequent lack of clarity in attempts to address the issues.<br />
<br />
Without sharing a common language between devops, architects, business owners, security engineers, purchasers and suppliers/vendors, everyone has to make extra effort to communicate clearly. Misunderstandings can be costly. The adverse impacts affect the privacy and security of individuals as well as the security of the applications and related system components.<br />
<br />
== Automated Threats ==<br />
<br />
The list of threat events, defined in full in the [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf OWASP Automated Threat Handbook], is:<br />
<br />
{| cellpadding="2"<br />
|-<br />
| width="300" align="left" valign="top" | <br />
<br />
* '''OAT-020''' Account Aggregation<br />
* '''OAT-019''' Account Creation<br />
* '''OAT-003''' Ad Fraud<br />
* '''OAT-009''' CAPTCHA Bypass<br />
* '''OAT-010''' Card Cracking<br />
* '''OAT-001''' Carding<br />
* '''OAT-012''' Cashing Out<br />
* '''OAT-007''' Credential Cracking<br />
* '''OAT-008''' Credential Stuffing<br />
* '''OAT-015''' Denial of Service<br />
<br />
| width="300" align="left" valign="top" | <br />
<br />
* '''OAT-006''' Expediting<br />
* '''OAT-004''' Fingerprinting<br />
* '''OAT-018''' Footprinting<br />
* '''OAT-005''' Scalping<br />
* '''OAT-011''' Scraping<br />
* '''OAT-016''' Skewing<br />
* '''OAT-013''' Sniping<br />
* '''OAT-017''' Spamming<br />
* '''OAT-002''' Token Cracking<br />
* '''OAT-014''' Vulnerability Scanning<br />
<br />
|}<br />
<br />
Not sure which is which? Use the new [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] in conjunction with the full [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf handbook].<br />
<br />
==Licensing==<br />
<br />
All the materials are free to use. They are licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
&copy; OWASP Foundation<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What Is This? ==<br />
<br />
Information and resources to help web application owners defend against automated threats<br />
<br />
== What Isn't It? ==<br />
<br />
* Another vulnerability list<br />
* Threat modelling<br />
* Attack trees<br />
* Non web<br />
* Non application<br />
<br />
==Project Objective==<br />
<br />
This project brings together research and analysis of real world automated attacks against web applications, to produce documentation to assist operators defend against these threats. Sector-specific guidance will be available.<br />
<br />
== Presentation ==<br />
<br />
[[File:Automatedthreats-presentation-small.jpg|link=media:Colinwatson-a-new-ontology-of-unwanted-automation.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
* [mailto:colin.watson@owasp.org Colin Watson]<br />
* [mailto:tin.zaw@owasp.org Tin Zaw]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP WASC Web Hacking Incidents Database Project|OWASP WASC Web Hacking Incidents Database Project]]<br />
* [[OWASP AppSensor Project|OWASP AppSensor Project]]<br />
* [[OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Links ==<br />
<br />
* [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf Download the free handbook as a PDF]<br />
<br />
== News and Events ==<br />
<br />
* [17 Apr 2017] [https://www.owasp.org/index.php/File:BadBots_OWASP_AppSec_CA_2017.pptx Slides] from AppSec California (2017)<br />
* [09-10 May 2017] Session at OWASP AppSecEU [https://2017.appsec.eu/program/project-summit project summit]<br />
* [20 Dec 2016] Threat identification chart [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf published]<br />
* [03 Nov 2016] Presentation at [http://lascon.org/ LASCON 2016]<br />
* [03 Nov 2016] v1.1 Handbook published<br />
* [11-12 Oct 2016] Working session at the [https://docs.google.com/presentation/d/1iMQHTc-h5qcP7gBBRcPHGmVaTWqx3dpMwNMVlA--rqs/edit#slide=id.p3 AppSecUSA Project Summit]<br />
* [04 Aug 2016] Project Q&A at Blackhat USA 2-5pm in the OWASP booth<br />
* [15 Jul 2016] Tin Zaw becomes co project leader<br />
* [12 Jul 2016] Work on v1.1 begun<br />
* [26 Oct 2015] [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf v1.01 handbook] published<br />
* [24 Sep 2015] [https://www.owasp.org/index.php/File:Colinwatson-a-new-ontology-of-unwanted-automation.pptx Presentation] at [https://2015.appsecusa.org/c/?page_id=896#a AppSec USA 2015]<br />
<br />
==In Print==<br />
<br />
[[File:AutomatedThreatHandbook_small.jpg|link=http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-22932107.html]]<br />
<br />
The [http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-22932107.html Automated Threat Handbook] can be purchased at cost as a print on demand book.<br />
<br />
==Classifications==<br />
<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
= Scope and Definitions =<br />
<br />
==Scope==<br />
<br />
The aim was to create a listing of vendor-neutral and technology agnostic terms that describe real-world automated threats to web applications, at a level of abstraction that application owners can relate to. These terms are threat events to web applications undertaken using automated actions.<br />
<br />
The focus is on abuse of functionality - misuse of inherent functionality and related design flaws, some of which are also referred to as business logic flaws. There is almost no focus on implementation bugs. It is not that the latter are not the target for attacks, but there is much more knowledge published in that area with a greater agreement on terminology. All the scenarios identified must require the web to exist for the threat to be materialised. Many of the scenarios have impacts upon the organisation that owns or operates web applications, but some scenarios have impacts more focused on individuals or other bodies. An attack that can be achieved without the web is out of scope.<br />
<br />
==Definitions ==<br />
<br />
=== Automated Threats to Web Applications ===<br />
<br />
Threat events to web applications undertaken using automated actions.<br />
<br />
An attack that can be achieved without the web is out of scope.<br />
<br />
== Glossary ==<br />
<br />
;Action<br />
: An act taken against an asset by a threat agent. Requires first that contact occurs between the asset and threat agent (Ref 1)<br />
<br />
; Application<br />
: Software that performs a business process i.e. not system software<br />
: A software program hosted by an information system (Ref 2)<br />
<br />
; Application layer<br />
: "Layer 7” in the OSI model (Ref 3) and “application layer” in the TCP/IP model (Ref 4)<br />
<br />
;Threat<br />
: Anything that is capable of acting in a manner resulting in harm to an asset and/or organization; for example, acts of God (weather, geological events, etc.); malicious actors; errors; failures (Ref 1)<br />
<br />
;Threat Agent<br />
: Any agent (e.g., object, substance, human, etc.) that is capable of acting against an asset in a manner that can result in harm (Ref 1)<br />
<br />
;Threat Event<br />
: Occurs when a threat agent acts against an asset (Ref 1)<br />
<br />
; Web<br />
: The World Wide Web (WWW, or simply Web) is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers (URI) (Ref 5)<br />
: The first three specifications for Web technologies defined URLs, HTTP, and HTML (Ref 6)<br />
<br />
; Web application<br />
: An application delivered over the web<br />
<br />
<br />
Glossary references:<br />
# [http://pubs.opengroup.org/onlinepubs/9699919899/toc.pdf Risk Taxonomy, Technical Standard, The Open Group, 2009]<br />
# [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2, NIST]<br />
# [http://en.wikipedia.org/wiki/OSI_model OSI model, Wikipedia] <br />
# [http://en.wikipedia.org/wiki/Internet_protocol_suite TCP/IP model, Wikipedia]<br />
# [http://www.w3.org/TR/webarch/ Architecture of the World Wide Web, Volume One, W3C]<br />
# [http://www.w3.org/Help/ Help and FAQ, W3C]<br />
<br />
=Use Case Scanarios=<br />
<br />
The following scenarios and organisation names are completely fictitious.<br />
<br />
==Defining application development security requirements==<br />
<br />
Cinnaminta SpA intends to build and launch a new multi-lingual and multi-currency ecommerce website. The development will be outsourced and Cinnaminta has been working on the functional design document. Among many other requirements, the application security specification requires that the website must not include any vulnerabilities identified in PCI DSS v3.1 Requirement 6.5, nor any other vulnerabilities that could affect the protection of payment cardholder data. Cinnaminta specifies that the website's payment functions must not be susceptible to the threat events '''OAT-001 Carding''' or '''OAT-010 Card Cracking''' as defined in the '''OWASP Automated Threat Handbook'''. In addition, the application must interact with the company's existing fraud detection system to counter '''OAT-012 Cashing Out'''. The requirements are specified in terms of these threat events, rather than particular product or service categories. Development houses responding to the call for bids use the ontology to focus their answers to these aspects appropriately.<br />
<br />
== Sharing intelligence within a sector==<br />
<br />
Unlimited Innovations Inc develops and supports patient-facing software solutions to a range of healthcare providers, many of which participate in the National Health Service Cyber Intelligence Sharing Center (NHS-CISC). Unlimited Innovations already builds continuous monitoring capabilities into its software and decides to provide an optional enhancement so that customers could choose to share their misuse event data with each other, to benefit from the combined threat intelligence. Rather than sharing large quantities of low-level data, Unlimited Innovations aggregates information and broadcasts validated and categorised threat data amongst the participating organisations. Automation attacks are classified according to the threat events defined in the '''OWASP Automated Threat Handbook''' so that each receiving party understands the nature of the threat. Even organisations that do not want to take part in this information sharing can benefit, since their own categorised information is made available to internal business management in the form of an easy-to-comprehend monitoring dashboard. The information gathered can also be fed into their other business information management systems to help improve patient service.<br />
<br />
== Exchanging threat data between CERTs==<br />
<br />
National Computer Emergency Response Teams (CERTs) recognise that sharing of local information can contribute to worldwide prevention of cyber attacks. Despite advances in cooperation between CERTs, anything to increase continuity and interoperability, such as standards for data exchange, is encouraged. CERT Zog is concerned about the sparsity of application-specific data it receives, and also the classification of that data. It has a particular concern about attacks and breaches that affect sectors defined in Zog's 2015 national cyber security strategy. CERT Zog and its neighbour CERT Tarset agree to tag threat events using the '''OWASP Automated Threat Handbook''' in order to add greater context to existing solutions being used for threat data exchange between them. The programme also collects sector metadata, so that all organisations within these can benefit from the centralised intelligence.<br />
<br />
== Enhancing application penetration test findings==<br />
<br />
Specialist application security penetration testing firm Cherak Industries Pte Ltd works primarily for financial services companies in the banking and insurance sectors, and is looking to expand its business throughout Asia. Cherak has some innovative pen test result reporting systems which integrate with client software fault and vulnerability tracking systems, and it actively looks for methods to provide additional value to its clients. Cherak has identified that pen test clients would benefit from help to in understanding the effects of combinations of vulnerabilities, especially design flaws, and has decided to utilise the '''OWASP Automated Threat Handbook''' to define and explain the automation-related threats. The individual vulnerabilities were scored as normal using CVSSv2 and v3, the matching CWEs identified, and mitigations in place documented. In addition, Cherak uses the threat events defined in the '''OWASP Automated Threat Handbook''' to help create a new section in the executive summary that explains how combinations of the issues found could lead to automation threats and the possible technical and business impacts. For example, an assessment for one client had identified weaknesses in authentication so that there is a risk of '''OAT-008 Credential Stuffing'''. The defined identifier was provided to the client, so its technical staff could refer to additional information on the OWASP website.<br />
<br />
== Specifying service acquisition needs==<br />
<br />
Falstone Paradise Inc is concerned about malicious use of their portfolio of hotel and resort websites. The majority of the websites use a shared application platform, but there are some unique applications and a large number of other micro-sites, some of which use generic content management systems such as Wordpress and Drupal. Falstone Paradise has identified that its IT operations team are spending too much time dealing with the effects of automated misuse, such as cleaning up data, resetting customer accounts and providing extra capacity during attacks. Furthermore, the unwanted automation is also causing some instabilities leading to negative feedback from customers. Therefore Falstone Paradise decides to go out to the security marketplace to identify, assess and select products or services that might help address these automation issues for all its websites. Their buying team works with their information technology colleagues to write the detailed requirements in an Invitation to Tender (ITT) document. This describes the types of attacks its web applications are receiving, their frequency of occurrence and their magnitudes. These are defined according to the '''OWASP Automated Threat Handbook''', so that vendors do not misunderstand the requirements, and each vendor's offering can be assessed against the particular automation threat events of concern.<br />
<br />
== Characterising vendor services ==<br />
<br />
Better Best Ltd has developed an innovative technology to help gaming companies defend against a range of automated threats that can otherwise permit cheating and distortion of the game, leading to disruption for normal players. The solution can be deployed on premises, but is also available in the cloud as a service. But Better Best is finding difficulty explaining its solution in the market place, especially since it does not fit into any conventional product category. Better Best decide to use the terminology and threat events listed in the '''OWASP Automated Threat Handbook''' to define their product's capabilities. They hope this will provide some clarity about their offering, and also demonstrate how their product can be used to replace more than one other conventional security device. Additionally, Better Best writes a white paper describing how their product has been successfully used by one of their reference customers Hollybush Challenge Games to protect against '''OAT-006 Expediting''', '''OAT-005 Scalping''', '''OAT-016 Skewing''' and '''OAT-013 Sniping'''.<br />
<br />
<br />
<br />
=Ontology=<br />
<br />
==Introduction==<br />
<br />
The list of threat events and summary descriptions, defined in full in the [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf OWASP Automated Threat Handbook], is:<br />
<br />
{| cellpadding="2"<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-020''' Account Aggregation<br />
| align="left" valign="top" | <br />
Use by an intermediary application that collects together multiple accounts and interacts on their behalf.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-019''' Account Creation<br />
| align="left" valign="top" | <br />
Create multiple accounts for subsequent misuse.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-003''' Ad Fraud<br />
| align="left" valign="top" | <br />
False clicks and fraudulent display of web-placed advertisements.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-009''' CAPTCHA Bypass<br />
| align="left" valign="top" | <br />
Solve anti-automation tests.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-010''' Card Cracking<br />
| align="left" valign="top" | <br />
Identify missing start/expiry dates and security codes for stolen payment card data by trying different values.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-001''' Carding<br />
| align="left" valign="top" | <br />
Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-012''' Cashing Out<br />
| align="left" valign="top" | <br />
Buy goods or obtain cash utilising validated stolen payment card or other user account data.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-007''' Credential Cracking<br />
| align="left" valign="top" | <br />
Identify valid login credentials by trying different values for usernames and/or passwords.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-008''' Credential Stuffing<br />
| align="left" valign="top" | <br />
Mass log in attempts used to verify the validity of stolen username/password pairs.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-015''' Denial of Service<br />
| align="left" valign="top" | <br />
Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS).<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-006''' Expediting<br />
| align="left" valign="top" | <br />
Perform actions to hasten progress of usually slow, tedious or time-consuming actions.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-004''' Fingerprinting<br />
| align="left" valign="top" | <br />
Elicit information about the supporting software and framework types and versions.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-018''' Footprinting<br />
| align="left" valign="top" | <br />
Probe and explore application to identify its constituents and properties.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-005''' Scalping<br />
| align="left" valign="top" | <br />
Obtain limited-availability and/or preferred goods/services by unfair methods.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-011''' Scraping<br />
| align="left" valign="top" | <br />
Collect application content and/or other data for use elsewhere.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-016''' Skewing<br />
| align="left" valign="top" | <br />
Repeated link clicks, page requests or form submissions intended to alter some metric.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-013''' Sniping<br />
| align="left" valign="top" | <br />
Last minute bid or offer for goods or services.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-017''' Spamming<br />
| align="left" valign="top" | <br />
Malicious or questionable information addition that appears in public or private content, databases or user messages.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-002''' Token Cracking<br />
| align="left" valign="top" | <br />
Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-014''' Vulnerability Scanning<br />
| align="left" valign="top" | <br />
Crawl and fuzz application to identify weaknesses and possible vulnerabilities.<br />
|}<br />
<br />
==Comparison with other dictionaries, taxonomies and lists==<br />
<br />
===[https://capec.mitre.org/ Common Attack Pattern Enumeration and Classification] (CAPEC)===<br />
<br />
[[File:Ontology-chart-capec-wiki.png|link=]]<br />
<br />
CAPEC is a dictionary and classification taxonomy of known attacks on software. Its primary classification structures are:<br />
<br />
* [https://capec.mitre.org/data/definitions/3000.html Domains of attack] (3000) - Social Engineering (403), [https://capec.mitre.org/data/definitions/437.html Supply Chain] (437), Communications (512), [https://capec.mitre.org/data/definitions/513.html Software] (513), Physical Security (514), Hardware (515)<br />
* Mechanism of Attack (1000) - Gather Information (118), Deplete Resources (119), Injection (152), Deceptive Interactions (156), Manipulate Timing and State (172), Abuse of Functionality (210), Probabilistic Techniques (223), Exploitation of Authentication (225), Exploitation of Authorization (232), Manipulate Data Structures (255), Manipulate Resources (262), Analyze Target (281), Gain Physical Access (436), Malicious Code Execution (525), Alter System Components (526), Manipulate System Users (527)<br />
<br />
===[http://projects.webappsec.org/w/page/13246978/Threat%20Classification WASC Threat Classification]===<br />
<br />
[[File:Ontology-chart-wasc-wiki.png|link=]]<br />
<br />
The WASC Threat Classification classifies weaknesses and attacks that can lead to the compromise of a website, its data, or its users.<br />
<br />
===[[OWASP WASC Web Hacking Incidents Database Project]] (WHID)===<br />
<br />
WHID [https://www.google.com/fusiontables/DataSource?snapid=S1536501YnLo classifies] publicly known incidents using:<br />
<br />
* attack methods e.g. ARP spoofing, abuse of functionality, account compromise, administration error, automation, backdoor, banking trojan, brute force, clickjacking, code injection, content injection, content spoofing, credential/session prediction, cross site request forgery (CSRF), cross-site scripting (XSS), denial of service, directory traversal, domain hijacking, DNS hijacking, forceful browsing, HTTP response splitting, hidden parameter manipulation, hosting malicious code, information leakage, insufficient authentication, known vulnerability, local file inclusion (LFI), malvertising, malware, malware injection, mass assignment, misconfiguration, OS commanding, parameter manipulation, path traversal, phishing, predictable resource location, process automation, redirection, remote file inclusion (RFI), rogue 3rd party app, scaping, search engine poisoning, shell injection, social engineering, stolen credentials, SQL injection, unintentional information disclosure, weak password recovery validation, worm<br />
* weakness e.g. abuse of functionality, application misconfiguration, directory indexing, improper filesystem permissions, improper input handling, improper output handling, information leakage, insecure indexing, insufficient anti-automation, insufficient authentication, insufficient authorization, insufficient entropy, insufficient password recovery, insufficient process validation, insufficient session expiration, insufficient transport layer protection, misconfiguration, predictable resource location, weak password<br />
* outcome account hijacking, account takeover, botnet participation, chaos, credit card leakage, data loss, defacement, DDoS attacks, DNS hijacking, DNS redirection, disinformation, disclosure only, downtime, extortion, fraud, information warfare, leakage of information, link spam, loss of sales, malware distribution, monetary loss, phishing, planting of malware, service disruption, session hijacking, spam, spam links, stolen credentials, worm<br />
<br />
Plus other/various/unknown.<br />
<br />
= Bibliography =<br />
<br />
The following academic, open source, commercial and news sources were used in the research on automated threats to web applications. OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. We operate under a vendor neutral policy and we do not endorse products or services.<br />
<br />
* 10 years of Application Security, Denyall http://www.denyall.com/resources/whitepapers/?aliId=3438442<br />
* 2012 Payment Card Threat Report https://www.securitymetrics.com/static/resources/orange/2012%20Payment%20Card%20Threat%20Report%20copy.pdf <br />
* 2014 Bot Traffic Report: Just the Droids You were Looking for http://www.incapsula.com/blog/bot-traffic-report-2014.html <br />
* 3 Types of ‘Return Fraud’ to Monitor this Holiday Season http://www.practicalecommerce.com/articles/3168-3-Types-of-%E2%80%98Return-Fraud-to-Monitor-this-Holiday-Season <br />
* 7 Ways Bots Hurt Your Website, Distil Networks http://www.distilnetworks.com/7-ways-bots-hurt-website-whitepaper/ <br />
* Abusing HTML 5 Structured Client-side Storage 2008 http://packetstorm.wowhacker.com/papers/general/html5whitepaper.pdf <br />
* Acquiring Experience with Ontology and Vocabularies, Walt Melo, Risa Mayan and Jean Stanford, 2011 http://www.omg.org/news/meetings/workshops/SOA-HC/presentations-2011/13_SC-6_Melo_Stanford_Mayan.pdf <br />
* An Anatomy of a SQL Injection Attack Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_An_Anatomy_of_a_SQL_Injection_Attack_SQLi.pdf <br />
* The Anatomy of Clickbot.A https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/daswani/daswani.pdf <br />
* Anatomy of comment spam Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Anatomy_of_Comment_Spam.pdf <br />
* Anti-Automation Monitoring and Prevention 2015 https://www.clerkendweller.uk/2015/1/29/AntiAutomation-Monitoring-and-Prevention <br />
* Anti-DDoS Solution for Internet Corporation http://www.nsfocus.com/uploadfile/Solution/NSFOCUS%20Anti-DDoS%20Solution%20for%20Internet%20Corporation.pdf <br />
* Anti-Fraud Principles and Proposed Taxonomy Sep 2014 http://www.iab.net/media/file/IAB_Anti_Fraud_Principles_and_Taxonomy.pdf <br />
* Apache Security Ivan Ristic <br />
* Application Security Desk Reference, OWASP https://www.owasp.org/index.php/Category:OWASP_ASDR_Project<br />
* Application Security Guide For CISOs, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf<br />
* AppSensor, OWASP https://www.owasp.org/index.php/OWASP_AppSensor_Project<br />
* Attack & Defense Labs http://www.andlabs.org/html5.html <br />
* Attack categories OWASP https://www.owasp.org/index.php/Category:Attack <br />
* Attack Trees, Schneier, Dr. Dobb's Journal, December 1999 https://www.schneier.com/paper-attacktrees-ddj-ft.html <br />
* Attacking with HTML5 2010 https://media.blackhat.com/bh-ad-10/Kuppan/Blackhat-AD-2010-Kuppan-Attacking-with-HTML5-wp.pdf <br />
* Automated attacks Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Automation_of_Attacks.pdf <br />
* Avoiding the Top 10 Software Security Design Flaws http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf <br />
* Bad Bots On The Rise Dec 2014 http://www.darkreading.com/informationweek-home/bad-bots-on-the-rise/d/d-id/1318276 <br />
* Banking Botnets Persist Despite Takedowns, Dell SecureWorks, 2015 http://www.secureworks.com/cyber-threat-intelligence/threats/banking-botnets-persist-despite-takedowns/ <br />
* The Barracuda Web Application Firewall: XML Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_XML_Firewall.pdf <br />
* Blocking Brute Force Attacks http://www.cs.virginia.edu/~csadmin/gen_support/brute_force.php <br />
* Bot Traffic Growing Problem for Digital Oct 2014 http://www.netnewscheck.com/article/36537/bot-traffic-growing-problem-for-digital <br />
* BotoPedia Incapsula http://www.botopedia.org/ <br />
* Boy in the Browser Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/Boy_in_the_Browser <br />
* Business Logic Attacks - Bots and BATs, Eldad Chai, 2009 http://www.owasp.org/images/9/96/AppSecEU09_BusinessLogicAttacks_EldadChai.ppt <br />
* Bypassing Client Application Protection Techniques http://www.securiteam.com/securityreviews/6S0030ABPE.html<br />
* A CAPTCHA in the Rye Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_a_CAPTCHA_in_the_Rye.pdf <br />
* Characterizing Large Scale Click fraud http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf <br />
* Charter Addition Proposal: "Trusted Code" for the Web https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0150.html<br />
* A cheesy Apache / IIS DoS vuln (+a question) http://www.securityfocus.com/archive/1/456339/30/0/threaded <br />
* China's Man-on-the-Side Attack on GitHub http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub<br />
* The CISO Survey and Report, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf<br />
* Common Attack Pattern Enumeration and Classification (CAPEC), Mitre https://capec.mitre.org/ <br />
* Common Cyber Attacks: Reducing the Impact CERT-UK https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf <br />
* Corporate espionage – the internet’s new growth industry http://www.itproportal.com/2015/03/19/corporate-espionage-internets-new-growth-industry/ <br />
* CSA Top Threats to Cloud Computing https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf <br />
* CSRF vulnerability in GMail service http://seclists.org/fulldisclosure/2009/Mar/29 <br />
* CWE/SANS Top 25 Most Dangerous Software Errors, 2011 http://cwe.mitre.org/top25/ <br />
* Cyber Fraud - Tactics Techniques and Procedures http://www.crcpress.com/product/isbn/9781420091274 <br />
* Cybercrime Report: Q1 2015, ThreatMetrix, 2015 http://info.threatmetrix.com/WP-2015Q1CybercrimeReport_WP-LP.html<br />
* Data Breach Investigations Report (DBIR), 2014 http://www.verizonenterprise.com/DBIR/2014/ <br />
* Data Breach Investigations Report (DBIR), 2015 http://www.verizonenterprise.com/DBIR/2015/<br />
* Data Breaches Fuel Login Attacks Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2014-state-of-the-internet-threat-advisory-public-data-breaches-fuel-login-attacks.pdf <br />
* Data Scraping Wikipedia http://en.wikipedia.org/wiki/Data_scraping <br />
* DDoS Quick Guide https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf <br />
* DDoS Threat Landscape Report, 2013-2014 http://lp.incapsula.com/rs/incapsulainc/images/2013-14_ddos_threat_landscape.pdf <br />
* Defending Against an Internet-based Attack on the Physical World http://avirubin.com/scripted.attacks.pdf <br />
* Defending Against Application-Based DDoS Attacks with the Barracuda Web Application Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_Defending%20_Against_%20Application-Based_%20DDoS_%20Attacks.pdf <br />
* Demystifying HTML 5 Attacks http://resources.infosecinstitute.com/demystifying-html-5-attacks/ <br />
* Denial of Service Attacks: A Comprehensive Guide to Trends Techniques and Technologies Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf<br />
* Detecting and Blocking Site Scraping Attacks Imperva http://www.imperva.com/docs/WP_Detecting_and_Blocking_Site_Scraping_Attacks.pdf <br />
* Detecting Automation of Twitter Accounts: Are you a human cyborg or a bot? http://www.cs.wm.edu/~hnw/paper/tdsc12b.pdf <br />
* Detecting Malice Robert "RSnake" Hansen 2009 http://www.detectmalice.com/ <br />
* Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1414072277428&uri=CELEX:32002L0058 <br />
* Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:31995L0046 <br />
* Distributed Denial-of-Service (DDoS) Cyber-Attacks Risk Mitigation and Additional Resources Federal Financial Institutions Examination Council http://www.ffiec.gov/press/PDF/FFIEC%20DDoS%20Joint%20Statement.pdf <br />
* Do Evil - The Business of Social Media Bots Forbes http://www.forbes.com/sites/lutzfinger/2015/02/17/do-evil-the-business-of-social-media-bots/ <br />
* DoS and DDoS Glossary of Terms prolexic http://www.prolexic.com/knowledge-center-dos-and-ddos-glossary.html#layer-7-ddos-attack <br />
* E-commerce Malware Trustwave https://gsr.trustwave.com/topics/placeholder-topic/e-commerce-malware/ <br />
* Exploiting Software, G. Hoglund and G. McGraw, Addison-Wesley, 2004<br />
* Five Trends to Track in E-Commerce Fraud, ThreatMetrix, 2013 http://info.threatmetrix.com/rs/threatmetrix/images/Five_Trends_eCommerce_Fraud_WP.pdf<br />
* Hacker builds cheatbot for hit app Trivia Crack http://www.theregister.co.uk/2015/03/26/hacker_builds_trivia_crack_cheat_app/ <br />
* Has Walmart opened itself up to “Denial of inventory” attacks? https://arstechnica.com/business/2012/05/has-walmart-opened-itself-up-to-denial-of-inventory-attacks/ <br />
* How Hoarder Bots Steal sales from Online Retailers https://www.internetretailer.com/mobile/2016/12/16/how-hoarder-bots-steal-sales-online-retailers<br />
* How to Defend Against DDoS Attacks - Strategies for the Network Transport and Application Layers Prolexic http://www.prolexic.com/kcresources/white-paper/strategies-for-the-network-transport-and-application-layers-412/Strategies_for_the_Network_Transport_and_Application_Layers_Prolexic_White_Paper_A4_082412.pdf <br />
* How to Defend Online Travel Websites in the Era of Site Scraping, Distil Networks http://www.distilnetworks.com/defend-online-travel-websites-era-site-scraping-download/<br />
* How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores http://research.microsoft.com/pubs/145858/caas-oakland-final.pdf <br />
* HTML5 Overview A look at HTML5 Attack Scenarios Trend Micro 2011 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_html5-attack-scenarios.pdf <br />
* HTML5 Top 10 Threats Stealth Attacks and Silent Exploits 2012 https://media.blackhat.com/bh-eu-12/shah/bh-eu-12-Shah_HTML5_Top_10-WP.pdf <br />
* HTML5 web security 2011 http://media.hacking-lab.com/hlnews/HTML5_Web_Security_v1.0.pdf <br />
* HTTPPOST - Slow POST Wong Onn Chee OWASP AppSec DC 2010 https://www.owasp.org/images/4/43/Layer_7_DDOS.pdf <br />
* If you've got @British_Airways account may make sense to change your password. Just had all my Avios cleared out! https://twitter.com/suttonnick/status/581556027948195840/photo/1 <br />
* Internet Security Threat Report, Volume 19, 2014 http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf<br />
* An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks http://www.springer.com/gb/book/9788132202769 <br />
* Is Your Data Center Ready for Today’s DDoS Threats? DDoS attack types protection methods and testing your detection and mitigation defenses http://www.fortinet.com/sites/default/files/whitepapers/WP-DDoS-Testing.pdf <br />
* Joomla Reflection DDoS-for-Hire Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2015-state-of-the-internet-threat-advisory-joomla-reflection-attack-ddos-for-hire.pdf <br />
* Layer 7 DDOS – Blocking HTTP Flood Attacks http://blog.sucuri.net/2014/02/layer-7-ddos-blocking-http-flood-attacks.html <br />
* Lenovo Superfish put smut on my system' – class-action lawsuit The Register http://www.theregister.co.uk/2015/02/23/lenovo_superfish_class_action_lawsuit/ <br />
* List of Attack Vectors Relative Vulnerability Rating TECAPI http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp#<br />
* Man in the Browser http://scisweb.ulster.ac.uk/~kevin/IJACI-Vol4No1-maninbrowser.pdf <br />
* Man in the Browser Attack https://www.owasp.org/index.php/Man-in-the-browser_attack<br />
* Mapping and Measuring Cybercrime, Oxford Internet Institute http://www.oii.ox.ac.uk/publications/FD18.pdf <br />
* Massive Changes in the Criminal Landscape Europol 2015 https://www.europol.europa.eu/content/massive-changes-criminal-landscape <br />
* Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs http://collaboration.csc.ncsu.edu/laurie/Papers/ICSE_Final_MCG_LW.pdf <br />
* Mitigating DDoS Attacks with F5 Technology F5 https://f5.com/resources/white-papers/mitigating-ddos-attacks-with-f5-technology <br />
* Mitigating the DoS/DDosS Threat, Radware, 2012 http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452061<br />
* Modern Web Attacks, Sophos, 2007 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/modern-web-attacks.aspx<br />
* ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks https://www.trustwave.com/Resources/SpiderLabs-Blog/(Updated)-ModSecurity-Advanced-Topic-of-the-Week--Mitigating-Slow-HTTP-DoS-Attacks/ <br />
* Most common attacks on web applications https://ipsec.pl/web-application-security/most-common-attacks-web-applications.html <br />
* Multi-dimensional Vulnerability Hierarchies Daniel Miessler https://danielmiessler.com/study/multi-dimensional-vulnerability-hierarchies/<br />
* New Wave of DDoS Attacks Launched BankInfoSecurity.com Mar 2013 http://www.bankinfosecurity.com/new-wave-ddos-attacks-launched-a-5584/op-1 <br />
* NOMAD: Toward Non-Invasive Moving Target Defense Against Web Bots http://faculty.cs.tamu.edu/guofei/paper/NOMAD_CNS13.pdf <br />
* Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year Sep 2014 http://www.darkreading.com/analytics/threat-intelligence/online-ad-fraud-exposed-advertisers-losing-$63-billion-to-$10-billion-per-year/d/d-id/1317979 <br />
* Online Data Companies versus Bots: The Fight is on for Control of Online Data, Distil Networks http://www.distilnetworks.com/online-data-companies-vs-bots-download/<br />
* Optimal Airline Ticket Purchasing Using Automated User-Guided Feature Selection http://ijcai.org/papers13/Papers/IJCAI13-032.pdf <br />
* Payment Checkout Flaws and Bugs 2014 https://www.clerkendweller.uk/2014/11/4/Payment-Checkout-Flaws-and-Bugs <br />
* PCI Compliance Report 2015 Verizon http://www.verizonenterprise.com/pcireport/2015/ <br />
* Pixel Perfect Timing Attacks with HTML5 2013 http://www.contextis.com/services/research/white-papers/pixel-perfect-timing-attacks-html5/ <br />
* Polymorphism as a Defense for Automated Attack of Websites http://link.springer.com/chapter/10.1007%2F978-3-319-07536-5_30 <br />
* Preventing Web Scraping: Best Practice https://creativedigitalideas.files.wordpress.com/2014/11/best-practice-to-prevent-web-scraping.pdf <br />
* Profile: Automated Credit Card Fraud http://old.honeynet.org/papers/profiles/cc-fraud.pdf <br />
* Protecting Against Web Floods, Radware http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452968<br />
* Q4 2014 State of the Internet Security Report prolexic http://www.stateoftheinternet.com/downloads/pdfs/2014-internet-security-report-q4.pdf <br />
* Reflection injection http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf <br />
* A Report on taxonomy and evaluation of existing inventories, ENISAhttp://ecrime-project.eu/wp-content/uploads/2015/02/E-Crime-Deliverable-2-1-20141128_FINAL.pdf <br />
* Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft, Dept of Justice http://www.justice.gov/criminal/cybercrime/docs/ip-victim-guide-and-checklist-march-2013.pdf<br />
* SANS Top 20 Critical Controls https://www.sans.org/critical-security-controls/ <br />
* Securing Websites, Sophos, 2011 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/securing-websites.aspx <br />
* Security Insights: Defending Against Automated Threats http://www.securityweek.com/security-insights-defending-against-automated-threats <br />
* Server side DDoS Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/DDOS_Attack_Method_Payload_05182010 <br />
* Slow Read Denial of Service attack https://code.google.com/p/slowhttptest/wiki/SlowReadTest <br />
* Slow-Read DoS Attack https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/ <br />
* Slowloris HTTP DoS http://ha.ckers.org/slowloris/ <br />
* So what are the "most critical" application flaws? On new OWASP Top 10 https://ipsec.pl/application-security/2013/so-what-are-most-critical-application-flaws-new-owasp-top-10.html <br />
* Social Media Bots Offer Phony Friends and Real Profit NY Times http://www.nytimes.com/2014/11/20/fashion/social-media-bots-offer-phony-friends-and-real-profit.html?_r=1 <br />
* Software Vulnerability Analysis, Krsul, 1998 http://www.krsul.org/ivan/articles/main.pdf<br />
* Sophos Security Threat Report http://blogs.sophos.com/2014/12/11/our-top-10-predictions-for-security-threats-in-2015-and-beyond/<br />
* SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/#.VSuiEhPSngM <br />
* State of Software Security Report, Volume 5, Veracode, 2013 https://info.veracode.com/state-of-software-security-report-volume5.html<br />
* Stopping Automated Attack Tools http://www.technicalinfo.net/papers/StoppingAutomatedAttackTools.html<br />
* Taxonomy on Online Game Security http://www.math.snu.ac.kr/~jhcheon/publications/2004/Taxonomy%20on%20online%20game%20security_EL.pdf <br />
* A Taxonomy of Computer Program Security Flaws, with Examples, Landwehr https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf<br />
* A Taxonomy of Security Faults in the UNIX Operating System, Aslam, 1995 https://cwe.mitre.org/documents/sources/ATaxonomyofSecurityFaultsintheUNIXOperatingSystem%5BAslam95%5D.pdf <br />
* Testing Guide, v4, OWASP, 2014 https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf <br />
* The Bot Baseline: Fraud in Digital Advertising https://s3.amazonaws.com/whiteops-public/WO-ANA-Baseline-Study-of-Bot-Fraud.pdf <br />
* The Internet Organised Crime Threat Assessment (iOCTA) 2014 https://www.europol.europa.eu/content/internet-organised-crime-threat-assesment-iocta <br />
* The Notorious Nine Cloud Computing Top Threats in 2013 CSA https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf <br />
* The Risks of Content Management Systems, IBM, 2015 https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/CMS_Threats_MSS_Threat_Report.pdf <br />
* The Spy in the Sandbox – Practical Cache Attacks in Javascript http://iss.oy.ne.ro/SpyInTheSandbox.pdf <br />
* Thousands of Hacked Uber Accounts Selling on Dark Web for $1 http://thehackernews.com/2015/03/thousands-of-hacked-uber-accounts_30.html?m=1<br />
* Threat Intelligence Quarterly, IBM, 1Q 2015 https://www.ibm.com/services/forms/signup.do?source=swg-WW_Security_Organic&S_PKG=ov33510&S_TACT=C327017W&dynform=18101<br />
* Threat Modeling: Designing for Security, Adam Shostack, Wiley, April 2014 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118809998.html<br />
* Threats and Mitigations: A Guide to Multi-Layered Web Security - eBook Prolexic http://www.prolexic.com/knowledge-center/prolexic-download/guide-multi-layered-web-security-ebook.pdf <br />
* Trapping Unknown Malware in a Context Web, Sophos http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/HuqSzabo-VB2013.pdf?la=en.pdf<br />
* Trustwave Global Security Report 2014 https://www2.trustwave.com/GSR2014.html?utm_source=redirect&utm_medium=web&utm_campaign=GSR2014 <br />
* TurboTax’s Anti-Fraud Efforts Under Scrutiny http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/ <br />
* Two Security Vulnerabilities in the Spring Framework’s MVC pdf (from 2008) http://blog.diniscruz.com/2011/07/two-security-vulnerabilities-in-spring.html<br />
* The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns http://static.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf <br />
* Understanding Web Bots and How They Hurt Your Business Encapsula http://www.slideshare.net/Incapsula/understanding-web-bots-and-how-they-hurt-your-business <br />
* Use of A Taxonomy of Security Faults, Taimur Aslam, Ivan Krsul and Eugene H Spafford, 1996 http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=2304&context=cstech<br />
* The WASC Threat Classification v2.0 http://projects.webappsec.org/w/page/13246978/Threat%20Classification <br />
* Warhol Worms: The Potential for Very Fast Internet Plagues http://www.iwar.org.uk/comsec/resources/worms/warhol-worm.htm <br />
* Web Application Attack Report #5 Imperva http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf <br />
* Web Application Defender's Cookbook: Battling Hackers and Protecting Users, Ryan Barnett, Wiley, December 2012 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118362187.html <br />
* Web Attacks in the Wild Corsaire https://www.owasp.org/images/a/a7/Web_attacks_in_the_wild_-_ap.pdf <br />
* Web Automation Friend or Foe? https://www.owasp.org/images/5/58/OWASP_Israel_-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.pdf <br />
* Web Spambot Detection Based on Web Navigation Behaviour http://pedramhayati.com/papers/Web_Spambot_Detection_Based_on_Web_Usage_Behaviour.pdf <br />
* Website Security Statistics Report, 2014 http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf <br />
* What is Zeus? http://www.sophos.com/medialibrary/pdfs/technical%20papers/sophos%20what%20is%20zeus%20tp.pdf <br />
* When Web 2.0 Attacks! Understanding Ajax Flash and other highly interactive web technologies… https://www.owasp.org/images/f/fc/When_Web_2.0_Attacks_-_Understanding_Security_Implications_of_Highly_Interactive_Technologies-Rafal_Los.pdf <br />
* Where have all of our Passwords Gone? Gartner 2015 http://blogs.gartner.com/avivah-litan/2015/01/22/where-have-all-our-passwords-gone/ <br />
* WS-Attacks.org http://www.ws-attacks.org/index.php/Main_Page<br />
<br />
=FAQs=<br />
<br />
; What do you mean by "web", "application" and "automated threat"?<br />
: See the definitions in the project's {{#switchtablink:Project Scope and Definitions|glossary}}.<br />
<br />
; What is an "ontology"?<br />
: An ontology is a set of types, properties, and relationship. These together define a subject description language. This particular ontology is meant to represent what automated threats real world owners observe affecting their web applications in usual operations.<br />
<br />
; Isn't this another bug (vulnerability) list?<br />
: No, none of the named automated threat events are implementation bugs - they relate to abuse of functionality using automated means.<br />
<br />
; I thought "so and so" already did that?<br />
: We found that it did not exist. While many threats are mentioned in the sources researched, there was no overall list or definitions. We found the automated threat events tended to all be in a small number of definied items from Mitre CAPEC and WASC Threat Classification. If you know of other automated threat lists/taxonomies/ontologies, please share them.<br />
<br />
; What is an "oat"?<br />
: It is our abbreviation for OWASP Automated Threat (OAT).<br />
<br />
; I am confused and don't know which OAT my problem is - how do I identify it?<br />
: In 2017 we created a [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] to help identify the correct OAT, which can then be confirmed by reading the full description in the [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf handbook]. The short summaries are important explanations of each OAT name.<br />
<br />
; How can I help?<br />
: Please join our mailing list, send ideas, contribute clarifications, corrections and improvement, and let other people know about the project and its handbook.<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
* Sumit Agarwal<br />
* Jason Chan<br />
* Mark Hall<br />
* Omri Iluz<br />
* Andrew van der Stock<br />
* Roland Weber<br />
* [mailto:colin.watson@owasp.org Colin Watson]<br />
* [mailto:tin.zaw@owasp.org Tin Zaw]<br />
<br />
Additionally other professional colleagues and website owners and operators who provided feedback.<br />
<br />
= Road Map and Getting Involved =<br />
<br />
Can you help? The project is looking for information on the prevalence and types of automated threats seen by web application owners in the real world. This will be used to refine and organise the information gathered from research papers, whitepapers, security reports and industry news. Please use the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:<br />
<br />
* [https://lists.owasp.org/mailman/listinfo/automated_threats_to_web_applications Mailing list]<br />
<br />
To share information confidentially, you can email the project leader directly: [mailto:colin.watson@owasp.org Colin Watson].<br />
<br />
== Completed Outputs==<br />
<br />
* {{#switchtablink:Scope and Definitions|Glossary}}<br />
* {{#switchtablink:Bibliography|Bibligraphy of information sources}}<br />
* A [https://www.owasp.org/index.php/File:Automated-threats.pdf summary chart] has been published summarising the information gathered and work to date<br />
* Identifying automated threats to web applications, and determining the primary name used. This first part of the project intends to produce a consistent vocabulary for discussing the threats before moving onto other aspects<br />
* The primary terms have now been defined and described for the ontology<br />
* A [https://www.owasp.org/index.php/File:Automation-briefing.pdf briefing document] was produced in May 2015<br />
* Release [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf Automated Threat Handbook] July 2015 [https://www.owasp.org/index.php/File:Owasp-automated-threat-handbook-source-files.zip source files], updated in November 2016<br />
* Release [https://www.owasp.org/index.php/File:Automation-project-briefing.pdf project overview flyer] July 2015<br />
* Release [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] December 2016<br />
<br />
== Roadmap==<br />
<br />
The project's roadmap was updated in March 2017.<br />
<br />
===Q1 2015===<br />
* <strike>Feb 2015: Define scope and terminology</strike> Done<br />
* <strike>Mar 2015: Research prior work and reports about automated threats to web applications to create bibliography</strike> Done<br />
<br />
===Q2 2015===<br />
* <strike>Apr 2015: Assess threats/attacks and create ontology</strike> Done<br />
* <strike>Apr 2015: Application owner interviews and creation of initial project outputs, to refine model</strike> Done<br />
* <strike>May 2015: Publication of outputs and request for review/data</strike> Done<br />
* <strike>May 2015: Summit session and survey at AppSec EU</strike> Done<br />
* <strike>Jun 2015 Review</strike> Done<br />
* <strike>Jun 2015 Write ontology document</strike> Done<br />
* <strike>Jun Write 2-page project briefing</strike> Done<br />
* <strike>Jun Publish project briefing</strike> Done<br />
* <strike>Jul 2015: Publish v1.0 ontology</strike> Done<br />
<br />
===Q3 2016===<br />
* <strike>Jul-Sep 2016: Gathering of additional contributions and update handbook</strike> Done<br />
<br />
===Q4 2016===<br />
* <strike>Nov 2016: Release updated handbook</strike> Done<br />
* <strike>Dec 2016: Threat identification chart</strike> Done<br />
<br />
=== Q1 2017 ===<br />
* Dec-Mar 2017: Further review and update to handbook<br />
* <strike>Check against changes to CAPEC v2.9</strike> Done<br />
<br />
=== Q2 2017 ===<br />
* Release v1.2<br />
* Project summit at AppSecEU<br />
<br />
=== Q3 2017 ===<br />
* Write executive summary<br />
* Release executive summary document<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:SAMM-SR-2]] [[Category:SAMM-TA-1]] [[Category:SAMM-EG-2]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=File:BadBots_OWASP_AppSec_CA_2017.pptx&diff=228768File:BadBots OWASP AppSec CA 2017.pptx2017-04-17T16:05:06Z<p>Tin Zaw: Presentation at OWASP AppSec California (2017) conference.</p>
<hr />
<div>Presentation at OWASP AppSec California (2017) conference.</div>Tin Zawhttps://wiki.owasp.org/index.php?title=OWASP_Automated_Threats_to_Web_Applications&diff=219081OWASP Automated Threats to Web Applications2016-07-19T00:43:36Z<p>Tin Zaw: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Automated-threats-header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Automated Threats to Web Applications==<br />
<br />
The OWASP Automated Threats to Web Applications Project has completed a review of reports, academic and other papers, news stories and vulnerability taxonomies/listings to identify, name and classify these scenarios – automated by software causing a divergence from accepted behavior producing one or more undesirable effects on a web application, but excluding tool-based exploitation of single-issue vulnerabilities.. The initial objective was to produce an ontology providing a common language for developers, architects, operators, business owners, security engineers, purchasers and suppliers/ vendors, to facilitate clear communication and help tackle the issues.<br />
The project also intends to identify symptoms, mitigations and controls in this problem area. Like all OWASP outputs, everything is free and published using an open source license.<br />
<br />
[https://www.owasp.org/index.php/File:Automation-project-briefing.pdf Two page summary project briefing as a PDF].<br />
<br />
== Description==<br />
<br />
Web applications are subjected to unwanted automated usage – day in, day out. Often these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is commonly mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the primary intent. Frequently these have sector-specific names. Most of these problems seen regularly by web application owners are not listed in any OWASP Top Ten or other top issue list. Furthermore, they are not enumerated or defined adequately in existing dictionaries. These factors have contributed to inadequate visibility, and an inconsistency in naming such threats, with a consequent lack of clarity in attempts to address the issues.<br />
<br />
Without sharing a common language between devops, architects, business owners, security engineers, purchasers and suppliers/vendors, everyone has to make extra effort to communicate clearly. Misunderstandings can be costly. The adverse impacts affect the privacy and security of individuals as well as the security of the applications and related system components.<br />
<br />
== Automated Threats ==<br />
<br />
The list of threat events, defined in full in the [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf OWASP Automated Threat Handbook], is:<br />
<br />
{| cellpadding="2"<br />
|-<br />
| width="300" align="left" valign="top" | <br />
<br />
* '''OAT-020''' Account Aggregation<br />
* '''OAT-019''' Account Creation<br />
* '''OAT-003''' Ad Fraud<br />
* '''OAT-009''' CAPTCHA Bypass<br />
* '''OAT-010''' Card Cracking<br />
* '''OAT-001''' Carding<br />
* '''OAT-012''' Cashing Out<br />
* '''OAT-007''' Credential Cracking<br />
* '''OAT-008''' Credential Stuffing<br />
* '''OAT-015''' Denial of Service<br />
<br />
| width="300" align="left" valign="top" | <br />
<br />
* '''OAT-006''' Expediting<br />
* '''OAT-004''' Fingerprinting<br />
* '''OAT-018''' Footprinting<br />
* '''OAT-005''' Scalping<br />
* '''OAT-011''' Scraping<br />
* '''OAT-016''' Skewing<br />
* '''OAT-013''' Sniping<br />
* '''OAT-017''' Spamming<br />
* '''OAT-002''' Token Cracking<br />
* '''OAT-014''' Vulnerability Scanning<br />
<br />
|}<br />
<br />
==Licensing==<br />
<br />
All the materials are free to use. They are licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
&copy; OWASP Foundation<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What Is This? ==<br />
<br />
Information and resources to help web application owners defend against automated threats<br />
<br />
== What Isn't It? ==<br />
<br />
* Another vulnerability list<br />
* Threat modelling<br />
* Attack trees<br />
* Non web<br />
* Non application<br />
<br />
==Project Objective==<br />
<br />
This project brings together research and analysis of real world automated attacks against web applications, to produce documentation to assist operators defend against these threats. Sector-specific guidance will be available.<br />
<br />
== Presentation ==<br />
<br />
[[File:Automatedthreats-presentation-small.jpg|link=media:Colinwatson-a-new-ontology-of-unwanted-automation.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
* [mailto:colin.watson@owasp.org Colin Watson]<br />
* [mailto:tin.zaw@owasp.org Tin Zaw]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP WASC Web Hacking Incidents Database Project|OWASP WASC Web Hacking Incidents Database Project]]<br />
* [[OWASP AppSensor Project|OWASP AppSensor Project]]<br />
* [[OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
<br />
* [15 Jul 2016] Tin Zaw becomes co project leader<br />
* [12 Jul 2016] Work on v1.1 begun<br />
* [26 Oct 2015] [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf v1.01 handbook] published<br />
* [24 Sep 2015] [https://www.owasp.org/index.php/File:Colinwatson-a-new-ontology-of-unwanted-automation.pptx Presentation] at [https://2015.appsecusa.org/c/?page_id=896#a AppSec USA 2015]<br />
* [30 Jul 2015] [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf v1.00 handbook] published<br />
* [20 May 2015] Meeting at project summit in Amsterdam<br />
* [12 May 2015] Discussion document published<br />
* [27 Apr 2015] Final summary of research published<br />
* [21 Apr 2015] Notice in OWASP Connector<br />
<br />
==In Print==<br />
<br />
[[File:AutomatedThreatHandbook_small.jpg|link=http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-22295560.html]]<br />
<br />
The [http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-22295560.html Automated Threat Handbook] can be purchased at cost as a print on demand book.<br />
<br />
==Classifications==<br />
<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
= Scope and Definitions =<br />
<br />
==Scope==<br />
<br />
The aim was to create a listing of vendor-neutral and technology agnostic terms that describe real-world automated threats to web applications, at a level of abstraction that application owners can relate to. These terms are threat events to web applications undertaken using automated actions.<br />
<br />
The focus is on abuse of functionality - misuse of inherent functionality and related design flaws, some of which are also referred to as business logic flaws. There is almost no focus on implementation bugs. It is not that the latter are not the target for attacks, but there is much more knowledge published in that area with a greater agreement on terminology. All the scenarios identified must require the web to exist for the threat to be materialised. Many of the scenarios have impacts upon the organisation that owns or operates web applications, but some scenarios have impacts more focused on individuals or other bodies. An attack that can be achieved without the web is out of scope.<br />
<br />
==Definitions ==<br />
<br />
=== Automated Threats to Web Applications ===<br />
<br />
Threat events to web applications undertaken using automated actions.<br />
<br />
An attack that can be achieved without the web is out of scope.<br />
<br />
== Glossary ==<br />
<br />
;Action<br />
: An act taken against an asset by a threat agent. Requires first that contact occurs between the asset and threat agent (Ref 1)<br />
<br />
; Application<br />
: Software that performs a business process i.e. not system software<br />
: A software program hosted by an information system (Ref 2)<br />
<br />
; Application layer<br />
: "Layer 7” in the OSI model (Ref 3) and “application layer” in the TCP/IP model (Ref 4)<br />
<br />
;Threat<br />
: Anything that is capable of acting in a manner resulting in harm to an asset and/or organization; for example, acts of God (weather, geological events, etc.); malicious actors; errors; failures (Ref 1)<br />
<br />
;Threat Agent<br />
: Any agent (e.g., object, substance, human, etc.) that is capable of acting against an asset in a manner that can result in harm (Ref 1)<br />
<br />
;Threat Event<br />
: Occurs when a threat agent acts against an asset (Ref 1)<br />
<br />
; Web<br />
: The World Wide Web (WWW, or simply Web) is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers (URI) (Ref 5)<br />
: The first three specifications for Web technologies defined URLs, HTTP, and HTML (Ref 6)<br />
<br />
; Web application<br />
: An application delivered over the web<br />
<br />
<br />
Glossary references:<br />
# [http://pubs.opengroup.org/onlinepubs/9699919899/toc.pdf Risk Taxonomy, Technical Standard, The Open Group, 2009]<br />
# [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2, NIST]<br />
# [http://en.wikipedia.org/wiki/OSI_model OSI model, Wikipedia] <br />
# [http://en.wikipedia.org/wiki/Internet_protocol_suite TCP/IP model, Wikipedia]<br />
# [http://www.w3.org/TR/webarch/ Architecture of the World Wide Web, Volume One, W3C]<br />
# [http://www.w3.org/Help/ Help and FAQ, W3C]<br />
<br />
=Use Case Scanarios=<br />
<br />
The following scenarios and organisation names are completely fictitious.<br />
<br />
==Defining application development security requirements==<br />
<br />
Cinnaminta SpA intends to build and launch a new multi-lingual and multi-currency ecommerce website. The development will be outsourced and Cinnaminta has been working on the functional design document. Among many other requirements, the application security specification requires that the website must not include any vulnerabilities identified in PCI DSS v3.1 Requirement 6.5, nor any other vulnerabilities that could affect the protection of payment cardholder data. Cinnaminta specifies that the website's payment functions must not be susceptible to the threat events '''OAT-001 Carding''' or '''OAT-010 Card Cracking''' as defined in the '''OWASP Automated Threat Handbook'''. In addition, the application must interact with the company's existing fraud detection system to counter '''OAT-012 Cashing Out'''. The requirements are specified in terms of these threat events, rather than particular product or service categories. Development houses responding to the call for bids use the ontology to focus their answers to these aspects appropriately.<br />
<br />
== Sharing intelligence within a sector==<br />
<br />
Unlimited Innovations Inc develops and supports patient-facing software solutions to a range of healthcare providers, many of which participate in the National Health Service Cyber Intelligence Sharing Center (NHS-CISC). Unlimited Innovations already builds continuous monitoring capabilities into its software and decides to provide an optional enhancement so that customers could choose to share their misuse event data with each other, to benefit from the combined threat intelligence. Rather than sharing large quantities of low-level data, Unlimited Innovations aggregates information and broadcasts validated and categorised threat data amongst the participating organisations. Automation attacks are classified according to the threat events defined in the '''OWASP Automated Threat Handbook''' so that each receiving party understands the nature of the threat. Even organisations that do not want to take part in this information sharing can benefit, since their own categorised information is made available to internal business management in the form of an easy-to-comprehend monitoring dashboard. The information gathered can also be fed into their other business information management systems to help improve patient service.<br />
<br />
== Exchanging threat data between CERTs==<br />
<br />
National Computer Emergency Response Teams (CERTs) recognise that sharing of local information can contribute to worldwide prevention of cyber attacks. Despite advances in cooperation between CERTs, anything to increase continuity and interoperability, such as standards for data exchange, is encouraged. CERT Zog is concerned about the sparsity of application-specific data it receives, and also the classification of that data. It has a particular concern about attacks and breaches that affect sectors defined in Zog's 2015 national cyber security strategy. CERT Zog and its neighbour CERT Tarset agree to tag threat events using the '''OWASP Automated Threat Handbook''' in order to add greater context to existing solutions being used for threat data exchange between them. The programme also collects sector metadata, so that all organisations within these can benefit from the centralised intelligence.<br />
<br />
== Enhancing application penetration test findings==<br />
<br />
Specialist application security penetration testing firm Cherak Industries Pte Ltd works primarily for financial services companies in the banking and insurance sectors, and is looking to expand its business throughout Asia. Cherak has some innovative pen test result reporting systems which integrate with client software fault and vulnerability tracking systems, and it actively looks for methods to provide additional value to its clients. Cherak has identified that pen test clients would benefit from help to in understanding the effects of combinations of vulnerabilities, especially design flaws, and has decided to utilise the '''OWASP Automated Threat Handbook''' to define and explain the automation-related threats. The individual vulnerabilities were scored as normal using CVSSv2 and v3, the matching CWEs identified, and mitigations in place documented. In addition, Cherak uses the threat events defined in the '''OWASP Automated Threat Handbook''' to help create a new section in the executive summary that explains how combinations of the issues found could lead to automation threats and the possible technical and business impacts. For example, an assessment for one client had identified weaknesses in authentication so that there is a risk of '''OAT-008 Credential Stuffing'''. The defined identifier was provided to the client, so its technical staff could refer to additional information on the OWASP website.<br />
<br />
== Specifying service acquisition needs==<br />
<br />
Falstone Paradise Inc is concerned about malicious use of their portfolio of hotel and resort websites. The majority of the websites use a shared application platform, but there are some unique applications and a large number of other micro-sites, some of which use generic content management systems such as Wordpress and Drupal. Falstone Paradise has identified that its IT operations team are spending too much time dealing with the effects of automated misuse, such as cleaning up data, resetting customer accounts and providing extra capacity during attacks. Furthermore, the unwanted automation is also causing some instabilities leading to negative feedback from customers. Therefore Falstone Paradise decides to go out to the security marketplace to identify, assess and select products or services that might help address these automation issues for all its websites. Their buying team works with their information technology colleagues to write the detailed requirements in an Invitation to Tender (ITT) document. This describes the types of attacks its web applications are receiving, their frequency of occurrence and their magnitudes. These are defined according to the '''OWASP Automated Threat Handbook''', so that vendors do not misunderstand the requirements, and each vendor's offering can be assessed against the particular automation threat events of concern.<br />
<br />
== Characterising vendor services ==<br />
<br />
Better Best Ltd has developed an innovative technology to help gaming companies defend against a range of automated threats that can otherwise permit cheating and distortion of the game, leading to disruption for normal players. The solution can be deployed on premises, but is also available in the cloud as a service. But Better Best is finding difficulty explaining its solution in the market place, especially since it does not fit into any conventional product category. Better Best decide to use the terminology and threat events listed in the '''OWASP Automated Threat Handbook''' to define their product's capabilities. They hope this will provide some clarity about their offering, and also demonstrate how their product can be used to replace more than one other conventional security device. Additionally, Better Best writes a white paper describing how their product has been successfully used by one of their reference customers Hollybush Challenge Games to protect against '''OAT-006 Expediting''', '''OAT-005 Scalping''', '''OAT-016 Skewing''' and '''OAT-013 Sniping'''.<br />
<br />
<br />
<br />
=Ontology=<br />
<br />
==Introduction==<br />
<br />
The list of threat events and summary descriptions, defined in full in the [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf OWASP Automated Threat Handbook], is:<br />
<br />
{| cellpadding="2"<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-020''' Account Aggregation<br />
| align="left" valign="top" | <br />
Use by an intermediary application that collects together multiple accounts and interacts on their behalf.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-019''' Account Creation<br />
| align="left" valign="top" | <br />
Create multiple accounts for subsequent misuse.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-003''' Ad Fraud<br />
| align="left" valign="top" | <br />
False clicks and fraudulent display of web-placed advertisements.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-009''' CAPTCHA Bypass<br />
| align="left" valign="top" | <br />
Solve anti-automation tests.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-010''' Card Cracking<br />
| align="left" valign="top" | <br />
Identify missing start/expiry dates and security codes for stolen payment card data by trying different values.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-001''' Carding<br />
| align="left" valign="top" | <br />
Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-012''' Cashing Out<br />
| align="left" valign="top" | <br />
Buy goods or obtain cash utilising validated stolen payment card or other user account data.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-007''' Credential Cracking<br />
| align="left" valign="top" | <br />
Identify valid login credentials by trying different values for usernames and/or passwords.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-008''' Credential Stuffing<br />
| align="left" valign="top" | <br />
Mass log in attempts used to verify the validity of stolen username/password pairs.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-015''' Denial of Service<br />
| align="left" valign="top" | <br />
Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS).<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-006''' Expediting<br />
| align="left" valign="top" | <br />
Perform actions to hasten progress of usually slow, tedious or time-consuming actions.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-004''' Fingerprinting<br />
| align="left" valign="top" | <br />
Elicit information about the supporting software and framework types and versions.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-018''' Footprinting<br />
| align="left" valign="top" | <br />
Probe and explore application to identify its constituents and properties.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-005''' Scalping<br />
| align="left" valign="top" | <br />
Obtain limited-availability and/or preferred goods/services by unfair methods.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-011''' Scraping<br />
| align="left" valign="top" | <br />
Collect application content and/or other data for use elsewhere.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-016''' Skewing<br />
| align="left" valign="top" | <br />
Repeated link clicks, page requests or form submissions intended to alter some metric.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-013''' Sniping<br />
| align="left" valign="top" | <br />
Last minute bid or offer for goods or services.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-017''' Spamming<br />
| align="left" valign="top" | <br />
Malicious or questionable information addition that appears in public or private content, databases or user messages.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-002''' Token Cracking<br />
| align="left" valign="top" | <br />
Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.<br />
|-<br />
| align="left" valign="top" | <br />
'''OAT-014''' Vulnerability Scanning<br />
| align="left" valign="top" | <br />
Crawl and fuzz application to identify weaknesses and possible vulnerabilities.<br />
|}<br />
<br />
==Comparison with other dictionaries, taxonomies and lists==<br />
<br />
===[https://capec.mitre.org/ Common Attack Pattern Enumeration and Classification] (CAPEC)===<br />
<br />
[[File:Ontology-chart-capec-wiki.png|link=]]<br />
<br />
CAPEC is a dictionary and classification taxonomy of known attacks on software. Its primary classification structures are:<br />
<br />
* [https://capec.mitre.org/data/definitions/3000.html Domains of attack] (3000) - Social Engineering (403), [https://capec.mitre.org/data/definitions/437.html Supply Chain] (437), Communications (512), [https://capec.mitre.org/data/definitions/513.html Software] (513), Physical Security (514), Hardware (515)<br />
* Mechanism of Attack (1000) - Gather Information (118), Deplete Resources (119), Injection (152), Deceptive Interactions (156), Manipulate Timing and State (172), Abuse of Functionality (210), Probabilistic Techniques (223), Exploitation of Authentication (225), Exploitation of Authorization (232), Manipulate Data Structures (255), Manipulate Resources (262), Analyze Target (281), Gain Physical Access (436), Malicious Code Execution (525), Alter System Components (526), Manipulate System Users (527)<br />
<br />
===[http://projects.webappsec.org/w/page/13246978/Threat%20Classification WASC Threat Classification]===<br />
<br />
[[File:Ontology-chart-wasc-wiki.png|link=]]<br />
<br />
The WASC Threat Classification classifies weaknesses and attacks that can lead to the compromise of a website, its data, or its users.<br />
<br />
===[[OWASP WASC Web Hacking Incidents Database Project]] (WHID)===<br />
<br />
WHID [https://www.google.com/fusiontables/DataSource?snapid=S1536501YnLo classifies] publicly known incidents using:<br />
<br />
* attack methods e.g. ARP spoofing, abuse of functionality, account compromise, administration error, automation, backdoor, banking trojan, brute force, clickjacking, code injection, content injection, content spoofing, credential/session prediction, cross site request forgery (CSRF), cross-site scripting (XSS), denial of service, directory traversal, domain hijacking, DNS hijacking, forceful browsing, HTTP response splitting, hidden parameter manipulation, hosting malicious code, information leakage, insufficient authentication, known vulnerability, local file inclusion (LFI), malvertising, malware, malware injection, mass assignment, misconfiguration, OS commanding, parameter manipulation, path traversal, phishing, predictable resource location, process automation, redirection, remote file inclusion (RFI), rogue 3rd party app, scaping, search engine poisoning, shell injection, social engineering, stolen credentials, SQL injection, unintentional information disclosure, weak password recovery validation, worm<br />
* weakness e.g. abuse of functionality, application misconfiguration, directory indexing, improper filesystem permissions, improper input handling, improper output handling, information leakage, insecure indexing, insufficient anti-automation, insufficient authentication, insufficient authorization, insufficient entropy, insufficient password recovery, insufficient process validation, insufficient session expiration, insufficient transport layer protection, misconfiguration, predictable resource location, weak password<br />
* outcome account hijacking, account takeover, botnet participation, chaos, credit card leakage, data loss, defacement, DDoS attacks, DNS hijacking, DNS redirection, disinformation, disclosure only, downtime, extortion, fraud, information warfare, leakage of information, link spam, loss of sales, malware distribution, monetary loss, phishing, planting of malware, service disruption, session hijacking, spam, spam links, stolen credentials, worm<br />
<br />
Plus other/various/unknown.<br />
<br />
= Bibliography =<br />
<br />
The following academic, open source, commercial and news sources were used in the research on automated threats to web applications. OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. We operate under a vendor neutral policy and we do not endorse products or services.<br />
<br />
* 10 years of Application Security, Denyall http://www.denyall.com/resources/whitepapers/?aliId=3438442<br />
* 2012 Payment Card Threat Report https://www.securitymetrics.com/static/resources/orange/2012%20Payment%20Card%20Threat%20Report%20copy.pdf <br />
* 2014 Bot Traffic Report: Just the Droids You were Looking for http://www.incapsula.com/blog/bot-traffic-report-2014.html <br />
* 3 Types of ‘Return Fraud’ to Monitor this Holiday Season http://www.practicalecommerce.com/articles/3168-3-Types-of-%E2%80%98Return-Fraud-to-Monitor-this-Holiday-Season <br />
* 7 Ways Bots Hurt Your Website, Distil Networks http://www.distilnetworks.com/7-ways-bots-hurt-website-whitepaper/ <br />
* Abusing HTML 5 Structured Client-side Storage 2008 http://packetstorm.wowhacker.com/papers/general/html5whitepaper.pdf <br />
* Acquiring Experience with Ontology and Vocabularies, Walt Melo, Risa Mayan and Jean Stanford, 2011 http://www.omg.org/news/meetings/workshops/SOA-HC/presentations-2011/13_SC-6_Melo_Stanford_Mayan.pdf <br />
* An Anatomy of a SQL Injection Attack Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_An_Anatomy_of_a_SQL_Injection_Attack_SQLi.pdf <br />
* The Anatomy of Clickbot.A https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/daswani/daswani.pdf <br />
* Anatomy of comment spam Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Anatomy_of_Comment_Spam.pdf <br />
* Anti-Automation Monitoring and Prevention 2015 https://www.clerkendweller.uk/2015/1/29/AntiAutomation-Monitoring-and-Prevention <br />
* Anti-DDoS Solution for Internet Corporation http://www.nsfocus.com/uploadfile/Solution/NSFOCUS%20Anti-DDoS%20Solution%20for%20Internet%20Corporation.pdf <br />
* Anti-Fraud Principles and Proposed Taxonomy Sep 2014 http://www.iab.net/media/file/IAB_Anti_Fraud_Principles_and_Taxonomy.pdf <br />
* Apache Security Ivan Ristic <br />
* Application Security Desk Reference, OWASP https://www.owasp.org/index.php/Category:OWASP_ASDR_Project<br />
* Application Security Guide For CISOs, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf<br />
* AppSensor, OWASP https://www.owasp.org/index.php/OWASP_AppSensor_Project<br />
* Attack & Defense Labs http://www.andlabs.org/html5.html <br />
* Attack categories OWASP https://www.owasp.org/index.php/Category:Attack <br />
* Attack Trees, Schneier, Dr. Dobb's Journal, December 1999 https://www.schneier.com/paper-attacktrees-ddj-ft.html <br />
* Attacking with HTML5 2010 https://media.blackhat.com/bh-ad-10/Kuppan/Blackhat-AD-2010-Kuppan-Attacking-with-HTML5-wp.pdf <br />
* Automated attacks Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Automation_of_Attacks.pdf <br />
* Avoiding the Top 10 Software Security Design Flaws http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf <br />
* Bad Bots On The Rise Dec 2014 http://www.darkreading.com/informationweek-home/bad-bots-on-the-rise/d/d-id/1318276 <br />
* Banking Botnets Persist Despite Takedowns, Dell SecureWorks, 2015 http://www.secureworks.com/cyber-threat-intelligence/threats/banking-botnets-persist-despite-takedowns/ <br />
* The Barracuda Web Application Firewall: XML Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_XML_Firewall.pdf <br />
* Blocking Brute Force Attacks http://www.cs.virginia.edu/~csadmin/gen_support/brute_force.php <br />
* Bot Traffic Growing Problem for Digital Oct 2014 http://www.netnewscheck.com/article/36537/bot-traffic-growing-problem-for-digital <br />
* BotoPedia Incapsula http://www.botopedia.org/ <br />
* Boy in the Browser Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/Boy_in_the_Browser <br />
* Business Logic Attacks - Bots and BATs, Eldad Chai, 2009 http://www.owasp.org/images/9/96/AppSecEU09_BusinessLogicAttacks_EldadChai.ppt <br />
* Bypassing Client Application Protection Techniques http://www.securiteam.com/securityreviews/6S0030ABPE.html<br />
* A CAPTCHA in the Rye Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_a_CAPTCHA_in_the_Rye.pdf <br />
* Characterizing Large Scale Click fraud http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf <br />
* Charter Addition Proposal: "Trusted Code" for the Web https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0150.html<br />
* A cheesy Apache / IIS DoS vuln (+a question) http://www.securityfocus.com/archive/1/456339/30/0/threaded <br />
* China's Man-on-the-Side Attack on GitHub http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub<br />
* The CISO Survey and Report, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf<br />
* Common Attack Pattern Enumeration and Classification (CAPEC), Mitre https://capec.mitre.org/ <br />
* Common Cyber Attacks: Reducing the Impact CERT-UK https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf <br />
* Corporate espionage – the internet’s new growth industry http://www.itproportal.com/2015/03/19/corporate-espionage-internets-new-growth-industry/ <br />
* CSA Top Threats to Cloud Computing https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf <br />
* CSRF vulnerability in GMail service http://seclists.org/fulldisclosure/2009/Mar/29 <br />
* CWE/SANS Top 25 Most Dangerous Software Errors, 2011 http://cwe.mitre.org/top25/ <br />
* Cyber Fraud - Tactics Techniques and Procedures http://www.crcpress.com/product/isbn/9781420091274 <br />
* Cybercrime Report: Q1 2015, ThreatMetrix, 2015 http://info.threatmetrix.com/WP-2015Q1CybercrimeReport_WP-LP.html<br />
* Data Breach Investigations Report (DBIR), 2014 http://www.verizonenterprise.com/DBIR/2014/ <br />
* Data Breach Investigations Report (DBIR), 2015 http://www.verizonenterprise.com/DBIR/2015/<br />
* Data Breaches Fuel Login Attacks Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2014-state-of-the-internet-threat-advisory-public-data-breaches-fuel-login-attacks.pdf <br />
* Data Scraping Wikipedia http://en.wikipedia.org/wiki/Data_scraping <br />
* DDoS Quick Guide https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf <br />
* DDoS Threat Landscape Report, 2013-2014 http://lp.incapsula.com/rs/incapsulainc/images/2013-14_ddos_threat_landscape.pdf <br />
* Defending Against an Internet-based Attack on the Physical World http://avirubin.com/scripted.attacks.pdf <br />
* Defending Against Application-Based DDoS Attacks with the Barracuda Web Application Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_Defending%20_Against_%20Application-Based_%20DDoS_%20Attacks.pdf <br />
* Demystifying HTML 5 Attacks http://resources.infosecinstitute.com/demystifying-html-5-attacks/ <br />
* Denial of Service Attacks: A Comprehensive Guide to Trends Techniques and Technologies Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf<br />
* Detecting and Blocking Site Scraping Attacks Imperva http://www.imperva.com/docs/WP_Detecting_and_Blocking_Site_Scraping_Attacks.pdf <br />
* Detecting Automation of Twitter Accounts: Are you a human cyborg or a bot? http://www.cs.wm.edu/~hnw/paper/tdsc12b.pdf <br />
* Detecting Malice Robert "RSnake" Hansen 2009 http://www.detectmalice.com/ <br />
* Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1414072277428&uri=CELEX:32002L0058 <br />
* Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:31995L0046 <br />
* Distributed Denial-of-Service (DDoS) Cyber-Attacks Risk Mitigation and Additional Resources Federal Financial Institutions Examination Council http://www.ffiec.gov/press/PDF/FFIEC%20DDoS%20Joint%20Statement.pdf <br />
* Do Evil - The Business of Social Media Bots Forbes http://www.forbes.com/sites/lutzfinger/2015/02/17/do-evil-the-business-of-social-media-bots/ <br />
* DoS and DDoS Glossary of Terms prolexic http://www.prolexic.com/knowledge-center-dos-and-ddos-glossary.html#layer-7-ddos-attack <br />
* E-commerce Malware Trustwave https://gsr.trustwave.com/topics/placeholder-topic/e-commerce-malware/ <br />
* Exploiting Software, G. Hoglund and G. McGraw, Addison-Wesley, 2004<br />
* Five Trends to Track<br />
in E-Commerce Fraud, ThreatMetrix, 2013 http://info.threatmetrix.com/rs/threatmetrix/images/Five_Trends_eCommerce_Fraud_WP.pdf<br />
* Hacker builds cheatbot for hit app Trivia Crack http://www.theregister.co.uk/2015/03/26/hacker_builds_trivia_crack_cheat_app/ <br />
* How to Defend Against DDoS Attacks - Strategies for the Network Transport and Application Layers Prolexic http://www.prolexic.com/kcresources/white-paper/strategies-for-the-network-transport-and-application-layers-412/Strategies_for_the_Network_Transport_and_Application_Layers_Prolexic_White_Paper_A4_082412.pdf <br />
* How to Defend Online Travel Websites in the Era of Site Scraping, Distil Networks http://www.distilnetworks.com/defend-online-travel-websites-era-site-scraping-download/<br />
* How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores http://research.microsoft.com/pubs/145858/caas-oakland-final.pdf <br />
* HTML5 Overview A look at HTML5 Attack Scenarios Trend Micro 2011 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_html5-attack-scenarios.pdf <br />
* HTML5 Top 10 Threats Stealth Attacks and Silent Exploits 2012 https://media.blackhat.com/bh-eu-12/shah/bh-eu-12-Shah_HTML5_Top_10-WP.pdf <br />
* HTML5 web security 2011 http://media.hacking-lab.com/hlnews/HTML5_Web_Security_v1.0.pdf <br />
* HTTPPOST - Slow POST Wong Onn Chee OWASP AppSec DC 2010 https://www.owasp.org/images/4/43/Layer_7_DDOS.pdf <br />
* If you've got @British_Airways account may make sense to change your password. Just had all my Avios cleared out! https://twitter.com/suttonnick/status/581556027948195840/photo/1 <br />
* Internet Security Threat Report, Volume 19, 2014 http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf<br />
* An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks http://www.springer.com/gb/book/9788132202769 <br />
* Is Your Data Center Ready for Today’s DDoS Threats? DDoS attack types protection methods and testing your detection and mitigation defenses http://www.fortinet.com/sites/default/files/whitepapers/WP-DDoS-Testing.pdf <br />
* Joomla Reflection DDoS-for-Hire Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2015-state-of-the-internet-threat-advisory-joomla-reflection-attack-ddos-for-hire.pdf <br />
* Layer 7 DDOS – Blocking HTTP Flood Attacks http://blog.sucuri.net/2014/02/layer-7-ddos-blocking-http-flood-attacks.html <br />
* Lenovo Superfish put smut on my system' – class-action lawsuit The Register http://www.theregister.co.uk/2015/02/23/lenovo_superfish_class_action_lawsuit/ <br />
* List of Attack Vectors Relative Vulnerability Rating TECAPI http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp#<br />
* Man in the Browser http://scisweb.ulster.ac.uk/~kevin/IJACI-Vol4No1-maninbrowser.pdf <br />
* Man in the Browser Attack https://www.owasp.org/index.php/Man-in-the-browser_attack<br />
* Mapping and Measuring Cybercrime, Oxford Internet Institute http://www.oii.ox.ac.uk/publications/FD18.pdf <br />
* Massive Changes in the Criminal Landscape Europol 2015 https://www.europol.europa.eu/content/massive-changes-criminal-landscape <br />
* Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs http://collaboration.csc.ncsu.edu/laurie/Papers/ICSE_Final_MCG_LW.pdf <br />
* Mitigating DDoS Attacks with F5 Technology F5 https://f5.com/resources/white-papers/mitigating-ddos-attacks-with-f5-technology <br />
* Mitigating the DoS/DDosS Threat, Radware, 2012 http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452061<br />
* Modern Web Attacks, Sophos, 2007 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/modern-web-attacks.aspx<br />
* ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks https://www.trustwave.com/Resources/SpiderLabs-Blog/(Updated)-ModSecurity-Advanced-Topic-of-the-Week--Mitigating-Slow-HTTP-DoS-Attacks/ <br />
* Most common attacks on web applications https://ipsec.pl/web-application-security/most-common-attacks-web-applications.html <br />
* New Wave of DDoS Attacks Launched BankInfoSecurity.com Mar 2013 http://www.bankinfosecurity.com/new-wave-ddos-attacks-launched-a-5584/op-1 <br />
* NOMAD: Toward Non-Invasive Moving Target Defense Against Web Bots http://faculty.cs.tamu.edu/guofei/paper/NOMAD_CNS13.pdf <br />
* Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year Sep 2014 http://www.darkreading.com/analytics/threat-intelligence/online-ad-fraud-exposed-advertisers-losing-$63-billion-to-$10-billion-per-year/d/d-id/1317979 <br />
* Online Data Companies versus Bots: The Fight is on for Control of Online Data, Distil Networks http://www.distilnetworks.com/online-data-companies-vs-bots-download/<br />
* Optimal Airline Ticket Purchasing Using Automated User-Guided Feature Selection http://ijcai.org/papers13/Papers/IJCAI13-032.pdf <br />
* Payment Checkout Flaws and Bugs 2014 https://www.clerkendweller.uk/2014/11/4/Payment-Checkout-Flaws-and-Bugs <br />
* PCI Compliance Report 2015 Verizon http://www.verizonenterprise.com/pcireport/2015/ <br />
* Pixel Perfect Timing Attacks with HTML5 2013 http://www.contextis.com/services/research/white-papers/pixel-perfect-timing-attacks-html5/ <br />
* Polymorphism as a Defense for Automated Attack of Websites http://link.springer.com/chapter/10.1007%2F978-3-319-07536-5_30 <br />
* Preventing Web Scraping: Best Practice https://creativedigitalideas.files.wordpress.com/2014/11/best-practice-to-prevent-web-scraping.pdf <br />
* Profile: Automated Credit Card Fraud http://old.honeynet.org/papers/profiles/cc-fraud.pdf <br />
* Protecting Against Web Floods, Radware http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452968<br />
* Q4 2014 State of the Internet Security Report prolexic http://www.stateoftheinternet.com/downloads/pdfs/2014-internet-security-report-q4.pdf <br />
* Reflection injection http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf <br />
* A Report on taxonomy and evaluation of existing inventories, ENISAhttp://ecrime-project.eu/wp-content/uploads/2015/02/E-Crime-Deliverable-2-1-20141128_FINAL.pdf <br />
* Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft, Dept of Justice http://www.justice.gov/criminal/cybercrime/docs/ip-victim-guide-and-checklist-march-2013.pdf<br />
* SANS Top 20 Critical Controls https://www.sans.org/critical-security-controls/ <br />
* Securing Websites, Sophos, 2011 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/securing-websites.aspx <br />
* Security Insights: Defending Against Automated Threats http://www.securityweek.com/security-insights-defending-against-automated-threats <br />
* Server side DDoS Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/DDOS_Attack_Method_Payload_05182010 <br />
* Slow Read Denial of Service attack https://code.google.com/p/slowhttptest/wiki/SlowReadTest <br />
* Slow-Read DoS Attack https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/ <br />
* Slowloris HTTP DoS http://ha.ckers.org/slowloris/ <br />
* So what are the "most critical" application flaws? On new OWASP Top 10 https://ipsec.pl/application-security/2013/so-what-are-most-critical-application-flaws-new-owasp-top-10.html <br />
* Social Media Bots Offer Phony Friends and Real Profit NY Times http://www.nytimes.com/2014/11/20/fashion/social-media-bots-offer-phony-friends-and-real-profit.html?_r=1 <br />
* Software Vulnerability Analysis, Krsul, 1998 http://www.krsul.org/ivan/articles/main.pdf<br />
* Sophos Security Threat Report http://blogs.sophos.com/2014/12/11/our-top-10-predictions-for-security-threats-in-2015-and-beyond/<br />
* SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/#.VSuiEhPSngM <br />
* State of Software Security Report, Volume 5, Veracode, 2013 https://info.veracode.com/state-of-software-security-report-volume5.html<br />
* Stopping Automated Attack Tools http://www.technicalinfo.net/papers/StoppingAutomatedAttackTools.html<br />
* Taxonomy on Online Game Security http://www.math.snu.ac.kr/~jhcheon/publications/2004/Taxonomy%20on%20online%20game%20security_EL.pdf <br />
* A Taxonomy of Computer Program Security Flaws, with Examples, Landwehr https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf<br />
* A Taxonomy of Security Faults in the UNIX Operating System, Aslam, 1995 https://cwe.mitre.org/documents/sources/ATaxonomyofSecurityFaultsintheUNIXOperatingSystem%5BAslam95%5D.pdf <br />
* Testing Guide, v4, OWASP, 2014 https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf <br />
* The Bot Baseline: Fraud in Digital Advertising https://s3.amazonaws.com/whiteops-public/WO-ANA-Baseline-Study-of-Bot-Fraud.pdf <br />
* The Internet Organised Crime Threat Assessment (iOCTA) 2014 https://www.europol.europa.eu/content/internet-organised-crime-threat-assesment-iocta <br />
* The Notorious Nine Cloud Computing Top Threats in 2013 CSA https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf <br />
* The Risks of Content Management Systems, IBM, 2015 https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/CMS_Threats_MSS_Threat_Report.pdf <br />
* The Spy in the Sandbox – Practical Cache Attacks in Javascript http://iss.oy.ne.ro/SpyInTheSandbox.pdf <br />
* Thousands of Hacked Uber Accounts Selling on Dark Web for $1 http://thehackernews.com/2015/03/thousands-of-hacked-uber-accounts_30.html?m=1<br />
* Threat Intelligence Quarterly, IBM, 1Q 2015 https://www.ibm.com/services/forms/signup.do?source=swg-WW_Security_Organic&S_PKG=ov33510&S_TACT=C327017W&dynform=18101<br />
* Threat Modeling: Designing for Security, Adam Shostack, Wiley, April 2014 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118809998.html<br />
* Threats and Mitigations: A Guide to Multi-Layered Web Security - eBook Prolexic http://www.prolexic.com/knowledge-center/prolexic-download/guide-multi-layered-web-security-ebook.pdf <br />
* Trapping Unknown Malware in a Context Web, Sophos http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/HuqSzabo-VB2013.pdf?la=en.pdf<br />
* Trustwave Global Security Report 2014 https://www2.trustwave.com/GSR2014.html?utm_source=redirect&utm_medium=web&utm_campaign=GSR2014 <br />
* TurboTax’s Anti-Fraud Efforts Under Scrutiny http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/ <br />
* Two Security Vulnerabilities in the Spring Framework’s MVC pdf (from 2008) http://blog.diniscruz.com/2011/07/two-security-vulnerabilities-in-spring.html<br />
* The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns http://static.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf <br />
* Understanding Web Bots and How They Hurt Your Business Encapsula http://www.slideshare.net/Incapsula/understanding-web-bots-and-how-they-hurt-your-business <br />
* Use of A Taxonomy of Security Faults, Taimur Aslam, Ivan Krsul and Eugene H Spafford, 1996 http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=2304&context=cstech<br />
* The WASC Threat Classification v2.0 http://projects.webappsec.org/w/page/13246978/Threat%20Classification <br />
* Warhol Worms: The Potential for Very Fast Internet Plagues http://www.iwar.org.uk/comsec/resources/worms/warhol-worm.htm <br />
* Web Application Attack Report #5 Imperva http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf <br />
* Web Application Defender's Cookbook: Battling Hackers and Protecting Users, Ryan Barnett, Wiley, December 2012 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118362187.html <br />
* Web Attacks in the Wild Corsaire https://www.owasp.org/images/a/a7/Web_attacks_in_the_wild_-_ap.pdf <br />
* Web Automation Friend or Foe? https://www.owasp.org/images/5/58/OWASP_Israel_-_May_2009_-_Ofer_Shezaf_-_Automation_Attacks.pdf <br />
* Web Spambot Detection Based on Web Navigation Behaviour http://pedramhayati.com/papers/Web_Spambot_Detection_Based_on_Web_Usage_Behaviour.pdf <br />
* Website Security Statistics Report, 2014 http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf <br />
* What is Zeus? http://www.sophos.com/medialibrary/pdfs/technical%20papers/sophos%20what%20is%20zeus%20tp.pdf <br />
* When Web 2.0 Attacks! Understanding Ajax Flash and other highly interactive web technologies… https://www.owasp.org/images/f/fc/When_Web_2.0_Attacks_-_Understanding_Security_Implications_of_Highly_Interactive_Technologies-Rafal_Los.pdf <br />
* Where have all of our Passwords Gone? Gartner 2015 http://blogs.gartner.com/avivah-litan/2015/01/22/where-have-all-our-passwords-gone/ <br />
* WS-Attacks.org http://www.ws-attacks.org/index.php/Main_Page <br />
<br />
<br />
<br />
<br />
=FAQs=<br />
<br />
''This page is in the process of creation''<br />
<br />
; How do you define "web", "application" and "automated threat"?<br />
: See the definitions in the project's {{#switchtablink:Project Scope and Definitions|glossary}}.<br />
<br />
; What is an "ontology"?<br />
: An ontology is a set of types, properties, and relationship. These together define a subject description language. This particular ontology is meant to represent what automated threats real world owners observe affecting their web applications in usual operations.<br />
<br />
; Isn't this another bug (vulnerability) list?<br />
: Answer<br />
<br />
; I thought "XYZ" already did that?<br />
: Answer<br />
<br />
; How can I help?<br />
: Answer<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:colin.watson@owasp.org Colin Watson]<br />
<br />
Jason Chan<br />
<br />
Mark Hall<br />
<br />
Andrew van der Stock<br />
<br />
Roland Weber<br />
<br />
[https://www.owasp.org/index.php/User:Tin_Zaw Tin Zaw]<br />
<br />
Additionally other professional colleagues and website owners and operators who provided feedback.<br />
<br />
= Road Map and Getting Involved =<br />
<br />
Can you help? The project is looking for information on the prevalence and types of automated threats seen by web application owners in the real world. This will be used to refine and organise the information gathered from research papers, whitepapers, security reports and industry news. Please use the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:<br />
<br />
* [https://lists.owasp.org/mailman/listinfo/automated_threats_to_web_applications Mailing list]<br />
<br />
To share information confidentially, you can email the project leader directly: [mailto:colin.watson@owasp.org Colin Watson].<br />
<br />
== Completed Outputs==<br />
<br />
* {{#switchtablink:Scope and Definitions|Glossary}}<br />
* {{#switchtablink:Bibliography|Bibligraphy of information sources}}<br />
* A [https://www.owasp.org/index.php/File:Automated-threats.pdf summary chart] has been published summarising the information gathered and work to date<br />
* Identifying automated threats to web applications, and determining the primary name used. This first part of the project intends to produce a consistent vocabulary for discussing the threats before moving onto other aspects<br />
* The primary terms have now been defined and described for the ontology<br />
* A [https://www.owasp.org/index.php/File:Automation-briefing.pdf briefing document] was produced in May 2015<br />
* Release [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf Automated Threat Handbook] July 2015<br />
* Release [https://www.owasp.org/index.php/File:Automation-project-briefing.pdf project overview flyer] July 2015<br />
<br />
<br />
== Roadmap==<br />
<br />
The project's roadmap was updated in June 2015.<br />
<br />
===Q1 2015===<br />
* <strike>Feb 2015: Define scope and terminology</strike> Done<br />
* <strike>Mar 2015: Research prior work and reports about automated threats to web applications to create bibliography</strike> Done<br />
<br />
===Q2 2015===<br />
* <strike>Apr 2015: Assess threats/attacks and create ontology</strike> Done<br />
* <strike>Apr 2015: Application owner interviews and creation of initial project outputs, to refine model</strike> Done<br />
* <strike>May 2015: Publication of outputs and request for review/data</strike> Done<br />
* <strike>May 2015: Summit session and survey at AppSec EU</strike> Done<br />
* <strike>Jun 2015 Review</strike> Done<br />
* <strike>Jun 2015 Write ontology document</strike> Done<br />
* <strike>Jun Write 2-page project briefing</strike> Done<br />
* <strike>Jun Publish project briefing</strike> Done<br />
* <strike>Jul 2015: Publish v1.0 ontology</strike> Done<br />
<br />
===Q3 2016===<br />
* Jul-Sep 2016: Gathering of additional contributions and update handbook.<br />
<br />
===Q4 2016===<br />
* Oct 2016: Release updated handbook.<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:SAMM-SR-2]] [[Category:SAMM-TA-1]] [[Category:SAMM-EG-2]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=User:Tin_Zaw&diff=219080User:Tin Zaw2016-07-19T00:40:28Z<p>Tin Zaw: </p>
<hr />
<div>Tin Zaw is a former president of OWASP Los Angeles chapter and currently co-leads Automated Web Threats project. <br />
<br />
Tin holds an MBA and a Master’s degree from University of Southern California, and a Bachelor’s degree from Pittsburg State University, Kansas. Tin has held Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP) certificates.</div>Tin Zawhttps://wiki.owasp.org/index.php?title=User:Tin_Zaw&diff=219079User:Tin Zaw2016-07-19T00:39:48Z<p>Tin Zaw: </p>
<hr />
<div>Tin Zaw is a former president of OWASP Los Angeles chapter and currently co-leads Automated Web Threats project. <br />
<br />
Tin holds an MBA and a Master’s degree from University of Southern California, and a Bachelor’s degree from Pittsburg State University, Kansas. Tin has held a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP).</div>Tin Zawhttps://wiki.owasp.org/index.php?title=User:Tin_Zaw&diff=219060User:Tin Zaw2016-07-18T22:46:41Z<p>Tin Zaw: </p>
<hr />
<div>Tin Zaw is a former president of OWASP Los Angeles chapter and currently co-leads Automated Web Threats projects. <br />
<br />
Tin holds an MBA and a Master’s degree from University of Southern California, and a Bachelor’s degree from Pittsburg State University, Kansas. Tin has held a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP).</div>Tin Zawhttps://wiki.owasp.org/index.php?title=User:Tin_Zaw&diff=149184User:Tin Zaw2013-04-05T00:13:43Z<p>Tin Zaw: </p>
<hr />
<div>Tin Zaw is a former president of OWASP Los Angeles chapter and continues to serve on its board of directors. At OWASP he has served as chair of Global Chapters Committee and co-chair of AppSec USA 2010 organizing committee. <br />
<br />
Tin's day job focuses on securing products at Intuit, maker of TurboTax, Quicken and Mint.com. Tin has worked at companies such as AT&T, Symantec, Inktomi (now Yahoo!) and QUALCOMM as a software engineer, technical manager, security architect and head of security. <br />
<br />
Tin holds an MBA and a Master’s degree from University of Southern California, and a Bachelor’s degree from Pittsburg State University, Kansas. Tin is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP).</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=134448Los Angeles2012-08-17T02:19:11Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to the Los Angeles Chapter! ==<br />
<br />
'''Sponsors and Supporters Donate Here:''' <br />
=====https://www.cvent.com/events/owasp-sponsorship-and-donation/registration-99bc1441e2684ff5b214b0df6b3a9ae3.aspx=====<br />
<br />
Single Meeting Supporter:<br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
Get the following benefits::<br />
- Meet upwards of 60-70 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) <br />
- Have a table at local chapter meeting <br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: Security Summer Social August 22, 2012 at 6:30PM at The Daily Grill == <br />
612 S. Flower Street ● Los Angeles, CA 90017<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238842/ =====<br />
<br><br />
Thanks to generous support of our sponsor, Corero Network Security, we<br />
will be waiving donation requirement. Everyone will receive one free<br />
drink ticket and we will have hors d'oeuvres for everyone.<br />
<br><br><br />
Corero Network Security (CNS:LN), an organization’s First Line of<br />
Defense, is an international network security company and the leading<br />
provider of Distributed Denial of Service (DDoS) defense and Next<br />
Generation Intrusion Prevention Systems (NGIPS) solutions. As the<br />
First Line of Defense, Corero’s products and services stop DDoS<br />
attacks, protect IT infrastructure and eliminate downtime. Customers<br />
include enterprises, service providers and government organizations<br />
worldwide. Corero’s appliance-based solutions are dynamic and<br />
automatically respond to evolving cyber attacks, known and unknown,<br />
allowing existing IT infrastructure -- such as firewalls -- to perform<br />
their intended purposes. Corero’s products are transparent, highly<br />
scalable and feature the lowest latency and highest reliability in the<br />
industry. Corero is headquartered in Hudson, Massachusetts with<br />
offices around the world. <br />
<br><br />
<br> <br />
Visit www.corero.com<br />
<br><br />
<br> <br />
http://www.corero.com/resources/images/grid/logo.gif<br />
<br><br />
<br> <br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member <br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
<br />
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br><br />
Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=134447Los Angeles2012-08-17T02:18:35Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to the Los Angeles Chapter! ==<br />
<br />
'''Sponsors and Supporters Donate Here:''' <br />
=====https://www.cvent.com/events/owasp-sponsorship-and-donation/registration-99bc1441e2684ff5b214b0df6b3a9ae3.aspx=====<br />
<br />
Single Meeting Supporter:<br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
Get the following benefits::<br />
- Meet upwards of 60-70 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) <br />
- Have a table at local chapter meeting <br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: Security Summer Social August 22, 2012 at 6:30PM at The Daily Grill == <br />
612 S. Flower Street ● Los Angeles, CA 90017<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238842/ =====<br />
<br><br />
Thanks to generous support of our sponsor, Corero Network Security, we<br />
will be waiving donation requirement. Everyone will receive one free<br />
drink ticket and we will have hors d'oeuvres for everyone.<br />
<br><br><br />
Corero Network Security (CNS:LN), an organization’s First Line of<br />
Defense, is an international network security company and the leading<br />
provider of Distributed Denial of Service (DDoS) defense and Next<br />
Generation Intrusion Prevention Systems (NGIPS) solutions. As the<br />
First Line of Defense, Corero’s products and services stop DDoS<br />
attacks, protect IT infrastructure and eliminate downtime. Customers<br />
include enterprises, service providers and government organizations<br />
worldwide. Corero’s appliance-based solutions are dynamic and<br />
automatically respond to evolving cyber attacks, known and unknown,<br />
allowing existing IT infrastructure -- such as firewalls -- to perform<br />
their intended purposes. Corero’s products are transparent, highly<br />
scalable and feature the lowest latency and highest reliability in the<br />
industry. Corero is headquartered in Hudson, Massachusetts with<br />
offices around the world. <br />
<br><br />
<br> <br />
Visit [www.corero.com]<br />
<br><br />
<br> <br />
http://www.corero.com/resources/images/grid/logo.gif<br />
<br><br />
<br> <br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member <br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
<br />
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br><br />
Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=134446Los Angeles2012-08-17T02:16:53Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to the Los Angeles Chapter! ==<br />
<br />
'''Sponsors and Supporters Donate Here:''' <br />
=====https://www.cvent.com/events/owasp-sponsorship-and-donation/registration-99bc1441e2684ff5b214b0df6b3a9ae3.aspx=====<br />
<br />
Single Meeting Supporter:<br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
Get the following benefits::<br />
- Meet upwards of 60-70 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) <br />
- Have a table at local chapter meeting <br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: Security Summer Social August 22, 2012 at 6:30PM at The Daily Grill == <br />
612 S. Flower Street ● Los Angeles, CA 90017<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238842/ =====<br />
<br><br />
Thanks to generous support of our sponsor, Corero Network Security, we<br />
will be waiving donation requirement. Everyone will receive one free<br />
drink ticket and we will have hors d'oeuvres for everyone.<br />
<br><br />
Corero Network Security (CNS:LN), an organization’s First Line of<br />
Defense, is an international network security company and the leading<br />
provider of Distributed Denial of Service (DDoS) defense and Next<br />
Generation Intrusion Prevention Systems (NGIPS) solutions. As the<br />
First Line of Defense, Corero’s products and services stop DDoS<br />
attacks, protect IT infrastructure and eliminate downtime. Customers<br />
include enterprises, service providers and government organizations<br />
worldwide. Corero’s appliance-based solutions are dynamic and<br />
automatically respond to evolving cyber attacks, known and unknown,<br />
allowing existing IT infrastructure -- such as firewalls -- to perform<br />
their intended purposes. Corero’s products are transparent, highly<br />
scalable and feature the lowest latency and highest reliability in the<br />
industry. Corero is headquartered in Hudson, Massachusetts with<br />
offices around the world. www.corero.com.<br />
<br />
<br><br />
<br> <br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member <br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
<br />
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br><br />
Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=133316Los Angeles2012-07-23T04:52:59Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: August 1, 2012 at 7:00PM. Symantec Offices, Culver City == <br />
<br />
[[Please note that our next meeting will be on August 1. <br />
]]<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238422/ =====<br />
<br><br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member <br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
<br />
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br><br />
Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=133315Los Angeles2012-07-23T04:52:05Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: August 1, 2012 at 7:00PM. Symantec Offices, Culver City == <br />
<br />
[[Please note that our next meeting will be on August 1. <br />
]]<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238422/ =====<br />
<br><br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member <br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
<br />
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br />
Los Angeles was founded by Cassio Goldschmidt. <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2012_Meetings&diff=133314Los Angeles/2012 Meetings2012-07-23T04:20:39Z<p>Tin Zaw: </p>
<hr />
<div>'''June 27, 2012, Symantec Offices, Culver City'''<br />
<br />
'''Flame Malware'''<br />
<br />
The discovery of the Flame malware that targets Middle Eastern countries, predominantly Iran, has brought politically motivated threats into the spot light again.<br />
In this talk I will discuss the Flame malware and contrast it with other politically motivated threats we have seen. I will discuss how Flame was discovered, what it is capable of and give updates on the latest analysis. In addition I will talk about the increasing use of cyber espionage and what that may mean for software developers.<br />
Flame is peculiar in that it was written with a combination of C++, Lua and sqlite. I will show how the threat uses these technologies and how that differs from the malware we see every day.<br />
<br />
'''Speaker: Liam O Murchu'''<br />
<br />
Liam O Murchu is a manager of Security Response at Symantec. He has appeared on CBS 60 Minutes about Stuxnet virus. He has also presented about Stuxnet at Los Angeles chapters of OWASP and ISSA.<br />
http://www.cbsnews.com/video/watch/?id=7400892n<br />
<br />
'''May 23, 2012 at 6:45PM. Symantec Offices, Culver City'''<br />
<br />
'''Data Mining a Mountain of Zero Day Vulnerabilities'''<br />
<br />
Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions.<br />
Which industries have the most secure and least secure code? What types of mistakes do developers make most often? Which languages and platforms have the apps with the most vulnerabilities? Should you be most worried of internally built apps, open source, commercial software, or outsourcers? These questions and many more will be answered as we tunnel through zero day mountain.<br />
<br />
'''Speaker: Chris Wysopal'''<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=131469Los Angeles2012-06-14T18:32:08Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: June 27, 2012 at 7:00PM. Symantec Offices, Culver City == <br />
<br />
Please note that our next meeting will be on August 1. <br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/65238232/ =====<br />
<br><br />
===== Flame Malware =====<br />
<br />
The discovery of the Flame malware that targets Middle Eastern countries, predominantly Iran, has brought politically motivated threats into the spot light again.<br />
<br />
In this talk I will discuss the Flame malware and contrast it with other politically motivated threats we have seen. I will discuss how Flame was discovered, what it is capable of and give updates on the latest analysis. In addition I will talk about the increasing use of cyber espionage and what that may mean for software developers.<br />
<br />
Flame is peculiar in that it was written with a combination of C++, Lua and sqlite. I will show how the threat uses these technologies and how that differs from the malware we see every day.<br />
<br />
<br />
===== Speaker: Liam O Murchu =====<br />
<br />
Liam O Murchu is a manager of Security Response at Symantec. He has appeared on CBS 60 Minutes about Stuxnet virus. He has also presented about Stuxnet at Los Angeles chapters of OWASP and ISSA.<br />
<br />
http://www.cbsnews.com/video/watch/?id=7400892n<br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2012_Meetings&diff=131468Los Angeles/2012 Meetings2012-06-14T18:29:16Z<p>Tin Zaw: </p>
<hr />
<div>'''May 23, 2012 at 6:45PM. Symantec Offices, Culver City'''<br />
<br />
'''Data Mining a Mountain of Zero Day Vulnerabilities'''<br />
<br />
Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions.<br />
Which industries have the most secure and least secure code? What types of mistakes do developers make most often? Which languages and platforms have the apps with the most vulnerabilities? Should you be most worried of internally built apps, open source, commercial software, or outsourcers? These questions and many more will be answered as we tunnel through zero day mountain.<br />
<br />
'''Speaker: Chris Wysopal'''<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2012_Meetings&diff=131467Los Angeles/2012 Meetings2012-06-14T18:28:51Z<p>Tin Zaw: Created page with "'''May 23, 2012 at 6:45PM. Symantec Offices, Culver City ''' '''Data Mining a Mountain of Zero Day Vulnerabilities '''Every day, software developers around the world, from Ba..."</p>
<hr />
<div>'''May 23, 2012 at 6:45PM. Symantec Offices, Culver City<br />
'''<br />
<br />
'''Data Mining a Mountain of Zero Day Vulnerabilities<br />
'''Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions.<br />
Which industries have the most secure and least secure code? What types of mistakes do developers make most often? Which languages and platforms have the apps with the most vulnerabilities? Should you be most worried of internally built apps, open source, commercial software, or outsourcers? These questions and many more will be answered as we tunnel through zero day mountain.<br />
<br />
'''Speaker: Chris Wysopal<br />
'''Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of “The Art of Software Security Testing” published by Addison-Wesley.</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=131466Los Angeles2012-06-14T18:28:09Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: May 23, 2012 at 6:45PM. Symantec Offices, Culver City == <br />
<br />
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/ =====<br />
<br><br />
===== Data Mining a Mountain of Zero Day Vulnerabilities =====<br />
<br />
Every day, software developers around the world, from Bangalore to<br />
Silicon Valley, churn out millions of lines of insecure code. We used<br />
static binary analysis on thousands of applications submitted to us by<br />
large enterprises, commercial software vendors, open source projects,<br />
and software outsourcers, to create an anonymized vulnerability data<br />
set. By mining this data we can answer some interesting questions.<br />
<br />
Which industries have the most secure and least secure code? What<br />
types of mistakes do developers make most often? Which languages and<br />
platforms have the apps with the most vulnerabilities? Should you be<br />
most worried of internally built apps, open source, commercial<br />
software, or outsourcers? These questions and many more will be<br />
answered as we tunnel through zero day mountain.<br />
<br />
<br />
===== Speaker: Chris Wysopal =====<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the<br />
company’s software security analysis capabilities. In 2008 he was<br />
named one of InfoWorld's Top 25 CTO's and one of the 100 most<br />
influential people in IT by eWeek. One of the original vulnerability<br />
researchers and a member of L0pht Heavy Industries, he has testified<br />
on Capitol Hill in the US on the subjects of government computer<br />
security and how vulnerabilities are discovered in software. He is an<br />
author of L0phtCrack and netcat for Windows. He is the lead author of<br />
“The Art of Software Security Testing” published by Addison-Wesley.<br />
<br />
<br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=130077Los Angeles2012-05-17T20:38:10Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next Meeting: May 23, 2012 at 6:45PM. Symantec Offices, Culver City == <br />
<br />
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/ =====<br />
<br><br />
===== Data Mining a Mountain of Zero Day Vulnerabilities =====<br />
<br />
Every day, software developers around the world, from Bangalore to<br />
Silicon Valley, churn out millions of lines of insecure code. We used<br />
static binary analysis on thousands of applications submitted to us by<br />
large enterprises, commercial software vendors, open source projects,<br />
and software outsourcers, to create an anonymized vulnerability data<br />
set. By mining this data we can answer some interesting questions.<br />
<br />
Which industries have the most secure and least secure code? What<br />
types of mistakes do developers make most often? Which languages and<br />
platforms have the apps with the most vulnerabilities? Should you be<br />
most worried of internally built apps, open source, commercial<br />
software, or outsourcers? These questions and many more will be<br />
answered as we tunnel through zero day mountain.<br />
<br />
<br />
===== Speaker: Chris Wysopal =====<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the<br />
company’s software security analysis capabilities. In 2008 he was<br />
named one of InfoWorld's Top 25 CTO's and one of the 100 most<br />
influential people in IT by eWeek. One of the original vulnerability<br />
researchers and a member of L0pht Heavy Industries, he has testified<br />
on Capitol Hill in the US on the subjects of government computer<br />
security and how vulnerabilities are discovered in software. He is an<br />
author of L0phtCrack and netcat for Windows. He is the lead author of<br />
“The Art of Software Security Testing” published by Addison-Wesley.<br />
<br />
<br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=130076Los Angeles2012-05-17T20:36:44Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.<br />
<br />
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/ =====<br />
<br><br />
===== Data Mining a Mountain of Zero Day Vulnerabilities =====<br />
<br />
Every day, software developers around the world, from Bangalore to<br />
Silicon Valley, churn out millions of lines of insecure code. We used<br />
static binary analysis on thousands of applications submitted to us by<br />
large enterprises, commercial software vendors, open source projects,<br />
and software outsourcers, to create an anonymized vulnerability data<br />
set. By mining this data we can answer some interesting questions.<br />
<br />
Which industries have the most secure and least secure code? What<br />
types of mistakes do developers make most often? Which languages and<br />
platforms have the apps with the most vulnerabilities? Should you be<br />
most worried of internally built apps, open source, commercial<br />
software, or outsourcers? These questions and many more will be<br />
answered as we tunnel through zero day mountain.<br />
<br />
<br />
===== Speaker: Chris Wysopal =====<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the<br />
company’s software security analysis capabilities. In 2008 he was<br />
named one of InfoWorld's Top 25 CTO's and one of the 100 most<br />
influential people in IT by eWeek. One of the original vulnerability<br />
researchers and a member of L0pht Heavy Industries, he has testified<br />
on Capitol Hill in the US on the subjects of government computer<br />
security and how vulnerabilities are discovered in software. He is an<br />
author of L0phtCrack and netcat for Windows. He is the lead author of<br />
“The Art of Software Security Testing” published by Addison-Wesley.<br />
<br />
<br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=130075Los Angeles2012-05-17T20:21:31Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
We will have our May monthly as usual this month. Please note that we need to start at 6:45 sharp and Chris's talk will start promptly at 7:00PM as he needs to fly back to the east coast.<br />
<br />
Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/61886212/<br />
<br />
Data Mining a Mountain of Zero Day Vulnerabilities<br />
<br />
Every day, software developers around the world, from Bangalore to<br />
Silicon Valley, churn out millions of lines of insecure code. We used<br />
static binary analysis on thousands of applications submitted to us by<br />
large enterprises, commercial software vendors, open source projects,<br />
and software outsourcers, to create an anonymized vulnerability data<br />
set. By mining this data we can answer some interesting questions.<br />
<br />
Which industries have the most secure and least secure code? What<br />
types of mistakes do developers make most often? Which languages and<br />
platforms have the apps with the most vulnerabilities? Should you be<br />
most worried of internally built apps, open source, commercial<br />
software, or outsourcers? These questions and many more will be<br />
answered as we tunnel through zero day mountain.<br />
<br />
<br />
Bio:<br />
<br />
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the<br />
company’s software security analysis capabilities. In 2008 he was<br />
named one of InfoWorld's Top 25 CTO's and one of the 100 most<br />
influential people in IT by eWeek. One of the original vulnerability<br />
researchers and a member of L0pht Heavy Industries, he has testified<br />
on Capitol Hill in the US on the subjects of government computer<br />
security and how vulnerabilities are discovered in software. He is an<br />
author of L0phtCrack and netcat for Windows. He is the lead author of<br />
“The Art of Software Security Testing” published by Addison-Wesley.<br />
<br />
<br />
<br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=127322Los Angeles2012-04-03T00:42:09Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; April 25, 2012, 3:00 PM <br> ==<br />
<br />
(Note different date, time and location)<br><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
At a hotel in Culver City.<br />
<br />
Exact location to be announced.<br />
<br />
RSVP will open soon at http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
<br> <br />
<br />
== April message from OWASP Los Angeles <br> ==<br />
<br />
<b>1. Hold the Date -- April 25 </b> <br />
<br />
We are planning for 1/2 day conference on April 25 -- calling it a Mini-Summit -- starting at 3PM at a hotel on the west side (most likely in Culver City). We have at least 3 speakers and a panel discussion. The event includes food and beverages and there will be a small fee (no more than $20) to offset the cost. <br />
<br />
Please show us love by registering. Registration will open soon on Meetup. <br />
<br />
<b> 2. Participate in Projects </b> <br />
<br />
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute. <br />
<br />
https://www.owasp.org/index.php/Category:OWASP_Project<br />
<br />
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction. <br />
<br />
<b> 3. Call for Local Speakers </b> <br />
<br />
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested. <br />
<br />
----<br />
<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=127321Los Angeles2012-04-03T00:39:26Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Mar 21, 2012, 6:30 PM <br> ==<br />
<!-- (Note different date, time and location)<br> --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
At a hotel in Culver City.<br />
<br />
Exact location to be announced.<br />
<br />
RSVP will open soon at http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
<br> <br />
<br />
----<br />
<br />
== April message from OWASP Los Angeles President <br> ==<br />
<br />
<b>1. Hold the Date -- April 25 </b> <br />
<br />
We are planning for 1/2 day conference on April 25 -- calling it a Mini-Summit -- starting at 3PM at a hotel on the west side (most likely in Culver City). We have at least 3 speakers and a panel discussion. The event includes food and beverages and there will be a small fee (no more than $20) to offset the cost. <br />
<br />
Please show us love by registering. Registration will open soon on Meetup. <br />
<br />
<b> 2. Participate in Projects </b> <br />
<br />
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute. <br />
<br />
https://www.owasp.org/index.php/Category:OWASP_Project<br />
<br />
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction. <br />
<br />
<b> 3. Call for Local Speakers </b> <br />
<br />
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested. <br />
<br />
----<br />
<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=127320Los Angeles2012-04-03T00:38:24Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Mar 21, 2012, 6:30 PM <br> ==<br />
<!-- (Note different date, time and location)<br> --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
At a hotel in Culver City.<br />
<br />
Exact location to be announced.<br />
<br />
RSVP will open soon at http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
<br> <br />
<br />
----<br />
<br />
== April message from OWASP Los Angeles President ==<br />
<br />
<b>1. Hold the Date -- April 25 </b> <br />
<br />
We are planning for 1/2 day conference on April 25 -- calling it a Mini-Summit -- starting at 3PM at a hotel on the west side (most likely in Culver City). We have at least 3 speakers and a panel discussion. The event includes food and beverages and there will be a small fee (no more than $20) to offset the cost. <br />
<br />
Please show us love by registering. Registration will open soon on Meetup. <br />
<br />
2. Participate in Projects <br />
<br />
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute. <br />
<br />
https://www.owasp.org/index.php/Category:OWASP_Project<br />
<br />
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction. <br />
<br />
3. Call for Local Speakers <br />
<br />
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested. <br />
<br />
----<br />
<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=127319Los Angeles2012-04-03T00:37:20Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br><br />
<br />
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline. <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Mar 21, 2012, 6:30 PM <br> ==<br />
<!-- (Note different date, time and location)<br> --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
At a hotel in Culver City.<br />
<br />
Exact location to be announced.<br />
<br />
RSVP will open soon at http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
<br> <br />
<br />
----<br />
<br />
=== April message from OWASP Los Angeles President <br />
<br />
1. Hold the Date -- April 25<br />
<br />
We are planning for 1/2 day conference on April 25 -- calling it a Mini-Summit -- starting at 3PM at a hotel on the west side (most likely in Culver City). We have at least 3 speakers and a panel discussion. The event includes food and beverages and there will be a small fee (no more than $20) to offset the cost. <br />
<br />
Please show us love by registering. Registration will open soon on Meetup. <br />
<br />
2. Participate in Projects <br />
<br />
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute. <br />
<br />
https://www.owasp.org/index.php/Category:OWASP_Project<br />
<br />
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction. <br />
<br />
3. Call for Local Speakers <br />
<br />
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested. <br />
<br />
----<br />
<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]] [[Category:OWASP Chapter]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Global_Conferences_Committee_-_Application_12&diff=123489Global Conferences Committee - Application 122012-01-30T23:30:49Z<p>Tin Zaw: </p>
<hr />
<div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE APPLICATION FORM''' <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''<br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">Lorna Alamri.<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|Connections Committee, OWASP Newsletter, Industry Committee, Summit 2010, AppSecUSA 2011.<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Conferences Committee<br />
|}<br />
----<br />
<br />
<br />
----<br />
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br />
An incomplete application will not be considered for vote.<br />
----<br />
<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE RECOMMENDATIONS''' <br />
|- <br />
! align="center" style="background:white; color:white"|<font color="black"><br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Who Recommends/Name''' <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Role in OWASP'''<br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Recommendation Content''' <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''1'''<br />
| style="width:20%; background:#cccccc" align="center"| Josh Sokol<br />
| style="width:20%; background:#cccccc" align="center"| Chair of OWASP Global Chapters Committee, Austin Chapter Leader, AppSec USA 2012 Co-Chair<br />
| style="width:57%; background:#cccccc" align="center"| Lorna is an awesome person and has historically been a huge contributor to OWASP in many different roles. I believe she would make an amazing addition to the Global Conferences Committee.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''2'''<br />
| style="width:20%; background:#cccccc" align="center"| Martin Knobloch<br />
| style="width:20%; background:#cccccc" align="center"|Chair of the Global Education Committee, Netherlands Chapter Leader<br />
| style="width:57%; background:#cccccc" align="center"| Lorna has proven her worth to the OWASP community previously many times. Not least during the organisation of the AppSec-USA 2011!<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''3'''<br />
| style="width:20%; background:#cccccc" align="center"| Tin Zaw<br />
| style="width:20%; background:#cccccc" align="center"| Los Angeles Chapter Leader, Co-Chair AppSec USA 2010<br />
| style="width:57%; background:#cccccc" align="center"| Lorna, along with Adam and Sarah, has done a great job of organizing AppSec USA 2011. She will be a great asset for the conference committee. <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''4'''<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:57%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''5'''<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:57%; background:#cccccc" align="center"|<br />
|}<br />
----</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=122641Los Angeles2012-01-11T00:27:21Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, January 25, 2012 7:00 P.M.&nbsp;- 9:00 P.M. <br> ==<br />
<!-- (Note different date, time and location)<br> --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> <br />
<br />
Great talks and free catered dinner for all attendees.<br />
<br />
Please RSVP: http://www.meetup.com/OWASP-Los-Angeles/events/47403862/<br />
<br />
<br> <br />
<br />
----<br />
<br />
==== Topic: Security in the Cloud ====<br />
<br />
It is no surprise that the emergence of cloud computing and<br />
virtualization are creating a noticeable buzz across the IT space.<br />
Still, the cloud by itself is a mystery to many customers. When<br />
information security is introduced to the mix, the picture becomes<br />
Cloudy. Add compliance requirements such as PCI, and it's downright<br />
Stormy! In this presentation, Mr. Zigweid will discuss ways to<br />
achieve data security in a cloud environment. This includes what a<br />
cloud customer should watch out for and what they should expect from<br />
their provider in order to meet compliance requirements.<br />
<br />
==== Speaker: Robert Zigweid ====<br />
<br />
Robert Zigweid is an accomplished developer and application tester<br />
with advanced skills in the creation and analysis of systems<br />
architecture and threat modeling. As a Senior Security Consultant at<br />
IOActive, he works with clients to discover and solve network and<br />
application problems that threaten their business goals and assets. In<br />
addition to his direct efforts on penetration tests, security reviews,<br />
and network and application audits, Zigweid contributes to the<br />
advancement of more stable, secure systems through his research and<br />
development. He was a co-founder of OSJava, is working on a JDBC<br />
driver and more robust Java class loader, and has conducted<br />
groundbreaking research that will further the formal understanding of<br />
application and network security for audiences at varying levels of<br />
technical fluency.<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2011_Meetings&diff=122640Los Angeles/2011 Meetings2012-01-11T00:26:14Z<p>Tin Zaw: </p>
<hr />
<div>== [[Los_Angeles/2011_Meetings/December_14|December 14, 2011]] ==<br />
<br />
Great networking reception at Dail Grill in downtown Los Angeles. <br />
<br />
== [[Los_Angeles/2011_Meetings/November_30|November 30, 2011]] ==<br />
Speaker: Mani Tadayon and Tin Zaw<br><br />
Topic: Cucumber and friends: tools for security that matters<br><br />
Presentation: http://bit.ly/securitythatmatters<br><br />
<br />
Speaker: Neil Matatall<br><br />
Topic: passw3rd: friends don't let friends store passwords in source code<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: AlgoSec<br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/October_26|October 26, 2011]] ==<br />
<br />
Speaker: Muhammad Omar Khan<br><br />
Topic: Time Based SQL Injections <br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Speaker: Jim Manico<br><br />
Topic: Scalable Web AppSec<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: WhiteHat Security <br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/September_28|September 28, 2011]] ==<br />
<br />
Speaker: Jim Manico<br><br />
Topic: Deep XSS Defense<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: PKWARE<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/August_24|August 24, 2011]] ==<br />
<br />
Speaker 1: Dr. Dan Manson<br><br />
Topic 1: Cyber Challenge Program<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Speaker 2: Jason Taylor<br><br />
Topic 2: OWASP Exams Project<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: Sprint<br />
<br />
== July 27, 2011 ==<br />
<br />
Social hour hosted by OWASP LA<br><br />
Downtown Daily Grill<br><br />
Los Angeles, CA<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/June_22|June 22, 2011]] ==<br />
<br />
Speaker: Brian Chess<br><br />
Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing<br><br />
Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br><br />
Meeting Sponsor: Safenet<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/May_25|May 25, 2011]] ==<br />
<br />
Speaker: Justin Collins<br><br />
Topic: Automated Detection of Security Flaws in Ruby on Rails Code<br><br />
Presentation: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Brakeman Presentation]]<br><br />
Meeting Sponsor: En Pointe Technologies<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/April_27|April 27, 2011]] ==<br />
<br />
Speaker: Bryan Sullivan<br><br />
Topic: NoSQL Security<br><br />
Meeting Sponsor: Business Partner Solutions<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/March_16|March 16, 2011]] ==<br />
<br />
Speaker: Liam O Murchu<br><br />
Topic: STUXNET<br><br />
Meeting Sponsors: Evolve Technology Group, Websense<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/February 23|February 23, 2011]] ==<br />
<br />
Speaker: Scott Sutherland<br><br />
Topic: Database Security in the Real World<br><br />
Meeting Sponsor: NetSpi<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/January_26|January 26, 2011]] ==<br />
<br />
Speaker: Samy Kamkar<br><br />
Topic: Evercookie: the Persistent Cookie<br><br />
Meeting Sponsor: IBM&nbsp;Rational Software<br></div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=122639Los Angeles2012-01-11T00:24:39Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
== Announcements ==<br />
<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== We are on Meetup. Please join our community there. =====<br />
<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, January 25, 2012 7:00 P.M.&nbsp;- 9:00 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> <br />
<br />
Great talks and free catered dinner for all attendees.<br />
<br />
Please RSVP: http://www.meetup.com/OWASP-Los-Angeles/events/47403862/<br />
<br />
<br> <br />
<br />
----<br />
<br />
==== Topic: Security in the Cloud ====<br />
<br />
It is no surprise that the emergence of cloud computing and<br />
virtualization are creating a noticeable buzz across the IT space.<br />
Still, the cloud by itself is a mystery to many customers. When<br />
information security is introduced to the mix, the picture becomes<br />
Cloudy. Add compliance requirements such as PCI, and it's downright<br />
Stormy! In this presentation, Mr. Zigweid will discuss ways to<br />
achieve data security in a cloud environment. This includes what a<br />
cloud customer should watch out for and what they should expect from<br />
their provider in order to meet compliance requirements.<br />
<br />
==== Speaker: Robert Zigweid ====<br />
<br />
Robert Zigweid is an accomplished developer and application tester<br />
with advanced skills in the creation and analysis of systems<br />
architecture and threat modeling. As a Senior Security Consultant at<br />
IOActive, he works with clients to discover and solve network and<br />
application problems that threaten their business goals and assets. In<br />
addition to his direct efforts on penetration tests, security reviews,<br />
and network and application audits, Zigweid contributes to the<br />
advancement of more stable, secure systems through his research and<br />
development. He was a co-founder of OSJava, is working on a JDBC<br />
driver and more robust Java class loader, and has conducted<br />
groundbreaking research that will further the formal understanding of<br />
application and network security for audiences at varying levels of<br />
technical fluency.<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=122638Los Angeles2012-01-11T00:21:43Z<p>Tin Zaw: </p>
<hr />
<div>== Welcome to Los Angeles Chapter! ==<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
== Announcements ==<br />
<br />
===== We are on Meetup. Please join our community there. =====<br />
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png<br />
===== http://www.meetup.com/OWASP-Los-Angeles/ =====<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, January 25, 2012 7:00 P.M.&nbsp;- 9:00 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> <br />
<br />
Great talks and free catered dinner for all attendees.<br />
<br />
Please RSVP: http://www.meetup.com/OWASP-Los-Angeles/events/47403862/<br />
<br />
<br> <br />
<br />
----<br />
<br />
==== Topic: Security in the Cloud ====<br />
<br />
It is no surprise that the emergence of cloud computing and<br />
virtualization are creating a noticeable buzz across the IT space.<br />
Still, the cloud by itself is a mystery to many customers. When<br />
information security is introduced to the mix, the picture becomes<br />
Cloudy. Add compliance requirements such as PCI, and it's downright<br />
Stormy! In this presentation, Mr. Zigweid will discuss ways to<br />
achieve data security in a cloud environment. This includes what a<br />
cloud customer should watch out for and what they should expect from<br />
their provider in order to meet compliance requirements.<br />
<br />
==== Speaker: Robert Zigweid ====<br />
<br />
Robert Zigweid is an accomplished developer and application tester<br />
with advanced skills in the creation and analysis of systems<br />
architecture and threat modeling. As a Senior Security Consultant at<br />
IOActive, he works with clients to discover and solve network and<br />
application problems that threaten their business goals and assets. In<br />
addition to his direct efforts on penetration tests, security reviews,<br />
and network and application audits, Zigweid contributes to the<br />
advancement of more stable, secure systems through his research and<br />
development. He was a co-founder of OSJava, is working on a JDBC<br />
driver and more robust Java class loader, and has conducted<br />
groundbreaking research that will further the formal understanding of<br />
application and network security for audiences at varying levels of<br />
technical fluency.<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=122637Los Angeles2012-01-11T00:19:40Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
We are on Meetup. Please join our community there. http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, January 25, 2012 7:00 P.M.&nbsp;- 9:00 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> <br />
<br />
Great talks and free catered dinner for all attendees.<br />
<br />
Please RSVP: http://www.meetup.com/OWASP-Los-Angeles/events/47403862/<br />
<br />
<br> <br />
<br />
----<br />
<br />
==== Topic: Security in the Cloud ====<br />
<br />
It is no surprise that the emergence of cloud computing and<br />
virtualization are creating a noticeable buzz across the IT space.<br />
Still, the cloud by itself is a mystery to many customers. When<br />
information security is introduced to the mix, the picture becomes<br />
Cloudy. Add compliance requirements such as PCI, and it's downright<br />
Stormy! In this presentation, Mr. Zigweid will discuss ways to<br />
achieve data security in a cloud environment. This includes what a<br />
cloud customer should watch out for and what they should expect from<br />
their provider in order to meet compliance requirements.<br />
<br />
==== Speaker: Robert Zigweid ====<br />
<br />
Robert Zigweid is an accomplished developer and application tester<br />
with advanced skills in the creation and analysis of systems<br />
architecture and threat modeling. As a Senior Security Consultant at<br />
IOActive, he works with clients to discover and solve network and<br />
application problems that threaten their business goals and assets. In<br />
addition to his direct efforts on penetration tests, security reviews,<br />
and network and application audits, Zigweid contributes to the<br />
advancement of more stable, secure systems through his research and<br />
development. He was a co-founder of OSJava, is working on a JDBC<br />
driver and more robust Java class loader, and has conducted<br />
groundbreaking research that will further the formal understanding of<br />
application and network security for audiences at varying levels of<br />
technical fluency.<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=122626Los Angeles2012-01-10T20:14:06Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NT Objectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
http://www.ntobjectives.com/images/header_logo.jpg<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
http://www.fireeye.com/images/logo.png<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121983Los Angeles2011-12-29T19:30:42Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NT Objectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
http://www.ntobjectives.com/images/header_logo.jpg<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
http://www.fireeye.com/images/logo.png<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz <br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121439Los Angeles2011-12-13T20:30:20Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NT Objectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
http://www.ntobjectives.com/images/header_logo.jpg<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
http://www.fireeye.com/images/logo.png<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121438Los Angeles2011-12-13T20:29:34Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsors: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NTObjectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
http://www.ntobjectives.com/images/header_logo.jpg<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
http://www.fireeye.com/images/logo.png<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121437Los Angeles2011-12-13T20:23:42Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NTObjectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
http://www.ntobjectives.com/images/header_logo.jpg<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
http://www.fireeye.com/images/logo.png<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121434Los Angeles2011-12-13T19:40:47Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: ====<br />
<br />
This holiday reception is made possible by generous support from<br />
NTObjectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121433Los Angeles2011-12-13T19:40:19Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: ====<br />
This holiday reception is made possible by generous support from<br />
NTObjectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
'''NT OBJECTives''' (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
'''FireEye''' is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121432Los Angeles2011-12-13T19:39:20Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: <br> ====<br />
<br />
<br />
==== No Speaker this month: Just a Great Networking Event!<br> ====<br />
<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: ====<br />
It's at Daily Grill in downtown Los Angeles. <br />
<br />
This holiday reception is made possible by generous support from<br />
NTObjectives (http://www.ntobjectives.com/) and FireEye<br />
(http://www.fireeye.com/).<br />
<br />
NT OBJECTives (NTO), based in Orange County, California,<br />
bringstogether an innovative collection of top experts in<br />
informationsecurity and software engineering to develop and provide<br />
acomprehensive suite of industry-leading technologies and services<br />
tosolve the application security challenges of today's<br />
globalorganizations. NTO has created the industry leading,<br />
automatedtechnology capable of performing comprehensive and accurate<br />
WebApplication security scanning solutions. Its<br />
next-generationtechnology, coupled with continued innovation puts NTO<br />
in a leadershiprole in this area of expertise.<br />
<br />
FireEye is the leading provider of next-generation threat protection<br />
focused on combating advanced malware, zero-day, and targeted advanced<br />
persistent threat (APT) attacks. FireEye's solutions supplement<br />
security defenses such as traditional and next-generation firewalls,<br />
IPS, antivirus and Web gateways, which can't stop advanced malware.<br />
These technologies leave significant security holes in the majority of<br />
corporate networks. FireEye's Malware Protection Systems feature both<br />
inbound and outbound protection and a signature-less analysis engine<br />
that utilizes the most sophisticated virtual execution engine in the<br />
world to stop advanced threats that attack over Web and email.<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121207Los Angeles2011-12-07T21:09:52Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
<!-- '''''Location:'''''<br> --><br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: TBD <br> ====<br />
<br />
<br />
==== Speaker: Cassio Goldschmidt<br> ====<br />
<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: TBD ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121206Los Angeles2011-12-07T21:09:23Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br> ==<br />
(Note different date, time and location)<br> <br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
'''''Location:'''''<br> <br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owasp-december-2011.eventbrite.com/<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: TBD <br> ====<br />
<br />
<br />
==== Speaker: Cassio Goldschmidt<br> ====<br />
<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: TBD ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121205Los Angeles2011-12-07T20:49:00Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 6:30 P.M.&nbsp;- 9:30 P.M. <br><br />
(Note different date, time and location)<br> ==<br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
'''''Location:'''''<br> <br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owaspla-december2011.eventbrite.com<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: TBD <br> ====<br />
<br />
<br />
==== Speaker: Cassio Goldschmidt<br> ====<br />
<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: TBD ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=121204Los Angeles2011-12-07T19:34:54Z<p>Tin Zaw: </p>
<hr />
<div>== Local News ==<br />
<br />
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free. =====<br />
<br />
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====<br />
<br />
<paypal>Los Angeles</paypal><br> <br />
<br />
<br> <br />
<br />
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, December 14, 2011 7:00 P.M.&nbsp;- 9:00 P.M. (Note different date and location)<br> ==<br />
<br />
<!-- Great talks and free catered dinner for all attendees! --><br />
<br />
'''''Location:'''''<br> <br />
<br />
<!-- Symantec<br>900 Corporate Pointe (just off of Slauson)<br>Culver City, CA 90230<br> --><br />
<br />
Please RSVP: http://owaspla-december2011.eventbrite.com<br />
<br />
<br> <br />
<br />
----<br />
<br />
'''OWASP&nbsp;Holiday Gathering''' December 14, 2011 6:30-8:30PM<br> <br />
<br />
''&nbsp; Downtown Daily Grill<br>&nbsp; 612 S. Flower Street • Los Angeles, CA 90017<br>&nbsp; (213) 622-4500 • (213) 629-2974 (fax)<br>&nbsp; downtowndg@dailygrill.com • www.dailygrill.com ''<br><br> <br />
<br />
==== Topic: TBD <br> ====<br />
<br />
<br />
==== Speaker: Cassio Goldschmidt<br> ====<br />
<br />
<br />
<br> <br />
<br />
==== Meeting Sponsor: TBD ====<br />
<br />
<br />
<br> <br />
<br />
----<br />
== Other Events ==<br />
<br />
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org]. <br />
<br />
<br> <br />
----<br />
Would you like to speak at an OWASP Los Angeles Meeting? <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. When we accept your talk, it will be required to use the Powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]. <br />
<br />
<br> <br />
<br />
== Archives of Previous Meetings ==<br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]] <br />
<br />
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
<br> <br />
<br />
== Los Angeles Chapter ==<br />
<br />
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and Chair <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member <br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member<br />
<br />
*[mailto:sarah.baso@owasp.org Sarah Baso] -- Chapter Administrator<br />
<br />
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success! <br />
<br />
http://2010.AppSecUSA.org <br />
<br />
Check out the videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
[[Category:California]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2011_Meetings&diff=121203Los Angeles/2011 Meetings2011-12-07T19:32:12Z<p>Tin Zaw: </p>
<hr />
<div>== [[Los_Angeles/2011_Meetings/November_30|November 30, 2011]] ==<br />
Speaker: Mani Tadayon and Tin Zaw<br><br />
Topic: Cucumber and friends: tools for security that matters<br><br />
Presentation: http://bit.ly/securitythatmatters<br><br />
<br />
Speaker: Neil Matatall<br><br />
Topic: passw3rd: friends don't let friends store passwords in source code<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: AlgoSec<br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/October_26|October 26, 2011]] ==<br />
<br />
Speaker: Muhammad Omar Khan<br><br />
Topic: Time Based SQL Injections <br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Speaker: Jim Manico<br><br />
Topic: Scalable Web AppSec<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: WhiteHat Security <br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/September_28|September 28, 2011]] ==<br />
<br />
Speaker: Jim Manico<br><br />
Topic: Deep XSS Defense<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: PKWARE<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/August_24|August 24, 2011]] ==<br />
<br />
Speaker 1: Dr. Dan Manson<br><br />
Topic 1: Cyber Challenge Program<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Speaker 2: Jason Taylor<br><br />
Topic 2: OWASP Exams Project<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: Sprint<br />
<br />
== July 27, 2011 ==<br />
<br />
Social hour hosted by OWASP LA<br><br />
Downtown Daily Grill<br><br />
Los Angeles, CA<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/June_22|June 22, 2011]] ==<br />
<br />
Speaker: Brian Chess<br><br />
Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing<br><br />
Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br><br />
Meeting Sponsor: Safenet<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/May_25|May 25, 2011]] ==<br />
<br />
Speaker: Justin Collins<br><br />
Topic: Automated Detection of Security Flaws in Ruby on Rails Code<br><br />
Presentation: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Brakeman Presentation]]<br><br />
Meeting Sponsor: En Pointe Technologies<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/April_27|April 27, 2011]] ==<br />
<br />
Speaker: Bryan Sullivan<br><br />
Topic: NoSQL Security<br><br />
Meeting Sponsor: Business Partner Solutions<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/March_16|March 16, 2011]] ==<br />
<br />
Speaker: Liam O Murchu<br><br />
Topic: STUXNET<br><br />
Meeting Sponsors: Evolve Technology Group, Websense<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/February 23|February 23, 2011]] ==<br />
<br />
Speaker: Scott Sutherland<br><br />
Topic: Database Security in the Real World<br><br />
Meeting Sponsor: NetSpi<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/January_26|January 26, 2011]] ==<br />
<br />
Speaker: Samy Kamkar<br><br />
Topic: Evercookie: the Persistent Cookie<br><br />
Meeting Sponsor: IBM&nbsp;Rational Software<br></div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2011_Meetings&diff=121202Los Angeles/2011 Meetings2011-12-07T19:31:51Z<p>Tin Zaw: </p>
<hr />
<div>== [[Los_Angeles/2011_Meetings/November_30|November 30, 2011]] ==<br />
Speaker: Mani Tadayon and Tin Zaw<br><br />
Topic: Cucumber and friends: tools for security that matters<br><br />
Presentation: http://bit.ly/securitythatmatters<br />
<br><br />
Speaker: Neil Matatall<br><br />
Topic: passw3rd: friends don't let friends store passwords in source code<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: AlgoSec<br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/October_26|October 26, 2011]] ==<br />
<br />
Speaker: Muhammad Omar Khan<br><br />
Topic: Time Based SQL Injections <br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Speaker: Jim Manico<br><br />
Topic: Scalable Web AppSec<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: WhiteHat Security <br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/September_28|September 28, 2011]] ==<br />
<br />
Speaker: Jim Manico<br><br />
Topic: Deep XSS Defense<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: PKWARE<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/August_24|August 24, 2011]] ==<br />
<br />
Speaker 1: Dr. Dan Manson<br><br />
Topic 1: Cyber Challenge Program<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Speaker 2: Jason Taylor<br><br />
Topic 2: OWASP Exams Project<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: Sprint<br />
<br />
== July 27, 2011 ==<br />
<br />
Social hour hosted by OWASP LA<br><br />
Downtown Daily Grill<br><br />
Los Angeles, CA<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/June_22|June 22, 2011]] ==<br />
<br />
Speaker: Brian Chess<br><br />
Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing<br><br />
Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br><br />
Meeting Sponsor: Safenet<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/May_25|May 25, 2011]] ==<br />
<br />
Speaker: Justin Collins<br><br />
Topic: Automated Detection of Security Flaws in Ruby on Rails Code<br><br />
Presentation: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Brakeman Presentation]]<br><br />
Meeting Sponsor: En Pointe Technologies<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/April_27|April 27, 2011]] ==<br />
<br />
Speaker: Bryan Sullivan<br><br />
Topic: NoSQL Security<br><br />
Meeting Sponsor: Business Partner Solutions<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/March_16|March 16, 2011]] ==<br />
<br />
Speaker: Liam O Murchu<br><br />
Topic: STUXNET<br><br />
Meeting Sponsors: Evolve Technology Group, Websense<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/February 23|February 23, 2011]] ==<br />
<br />
Speaker: Scott Sutherland<br><br />
Topic: Database Security in the Real World<br><br />
Meeting Sponsor: NetSpi<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/January_26|January 26, 2011]] ==<br />
<br />
Speaker: Samy Kamkar<br><br />
Topic: Evercookie: the Persistent Cookie<br><br />
Meeting Sponsor: IBM&nbsp;Rational Software<br></div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2011_Meetings&diff=121201Los Angeles/2011 Meetings2011-12-07T19:31:37Z<p>Tin Zaw: </p>
<hr />
<div>== [[Los_Angeles/2011_Meetings/November_30|November 30, 2011]] ==<br />
Speaker: Mani Tadayon and Tin Zaw<br><br />
Topic: Cucumber and friends: tools for security that matters<br><br />
Presentation: http://bit.ly/securitythatmatters<br />
<br />
Speaker: Neil Matatall<br><br />
Topic: passw3rd: friends don't let friends store passwords in source code<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: AlgoSec<br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/October_26|October 26, 2011]] ==<br />
<br />
Speaker: Muhammad Omar Khan<br><br />
Topic: Time Based SQL Injections <br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Speaker: Jim Manico<br><br />
Topic: Scalable Web AppSec<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: WhiteHat Security <br><br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/September_28|September 28, 2011]] ==<br />
<br />
Speaker: Jim Manico<br><br />
Topic: Deep XSS Defense<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: PKWARE<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/August_24|August 24, 2011]] ==<br />
<br />
Speaker 1: Dr. Dan Manson<br><br />
Topic 1: Cyber Challenge Program<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Speaker 2: Jason Taylor<br><br />
Topic 2: OWASP Exams Project<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: Sprint<br />
<br />
== July 27, 2011 ==<br />
<br />
Social hour hosted by OWASP LA<br><br />
Downtown Daily Grill<br><br />
Los Angeles, CA<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/June_22|June 22, 2011]] ==<br />
<br />
Speaker: Brian Chess<br><br />
Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing<br><br />
Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br><br />
Meeting Sponsor: Safenet<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/May_25|May 25, 2011]] ==<br />
<br />
Speaker: Justin Collins<br><br />
Topic: Automated Detection of Security Flaws in Ruby on Rails Code<br><br />
Presentation: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Brakeman Presentation]]<br><br />
Meeting Sponsor: En Pointe Technologies<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/April_27|April 27, 2011]] ==<br />
<br />
Speaker: Bryan Sullivan<br><br />
Topic: NoSQL Security<br><br />
Meeting Sponsor: Business Partner Solutions<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/March_16|March 16, 2011]] ==<br />
<br />
Speaker: Liam O Murchu<br><br />
Topic: STUXNET<br><br />
Meeting Sponsors: Evolve Technology Group, Websense<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/February 23|February 23, 2011]] ==<br />
<br />
Speaker: Scott Sutherland<br><br />
Topic: Database Security in the Real World<br><br />
Meeting Sponsor: NetSpi<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/January_26|January 26, 2011]] ==<br />
<br />
Speaker: Samy Kamkar<br><br />
Topic: Evercookie: the Persistent Cookie<br><br />
Meeting Sponsor: IBM&nbsp;Rational Software<br></div>Tin Zawhttps://wiki.owasp.org/index.php?title=Los_Angeles/2011_Meetings&diff=121200Los Angeles/2011 Meetings2011-12-07T19:28:10Z<p>Tin Zaw: </p>
<hr />
<div>== [[Los_Angeles/2011_Meetings/November_30|November 30, 2011]] ==<br />
Speaker: Mani Tadayon and Tin Zaw<br><br />
Topic: Cucumber and friends: tools for security that matters<br><br />
Presentation: http://bit.ly/securitythatmatters<br />
<br />
Speaker: Neil Matatall<br><br />
Topic: passw3rd: friends don't let friends store passwords in source code<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
<br />
Meeting Sponsor: AlgoSec<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/October_XX|September XX, 2011]] ==<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/September_28|September 28, 2011]] ==<br />
<br />
Speaker: Jim Manico<br><br />
Topic: Deep XSS Defense<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: PKWARE<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/August_24|August 24, 2011]] ==<br />
<br />
Speaker 1: Dr. Dan Manson<br><br />
Topic 1: Cyber Challenge Program<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Speaker 2: Jason Taylor<br><br />
Topic 2: OWASP Exams Project<br><br />
<!--Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br>--><br />
Meeting Sponsor: Sprint<br />
<br />
== July 27, 2011 ==<br />
<br />
Social hour hosted by OWASP LA<br><br />
Downtown Daily Grill<br><br />
Los Angeles, CA<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/June_22|June 22, 2011]] ==<br />
<br />
Speaker: Brian Chess<br><br />
Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing<br><br />
Presentation: [[Media:Gray,_the_new_black.pptx|Gray, the new Black pptx]]<br><br />
Meeting Sponsor: Safenet<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/May_25|May 25, 2011]] ==<br />
<br />
Speaker: Justin Collins<br><br />
Topic: Automated Detection of Security Flaws in Ruby on Rails Code<br><br />
Presentation: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Brakeman Presentation]]<br><br />
Meeting Sponsor: En Pointe Technologies<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/April_27|April 27, 2011]] ==<br />
<br />
Speaker: Bryan Sullivan<br><br />
Topic: NoSQL Security<br><br />
Meeting Sponsor: Business Partner Solutions<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/March_16|March 16, 2011]] ==<br />
<br />
Speaker: Liam O Murchu<br><br />
Topic: STUXNET<br><br />
Meeting Sponsors: Evolve Technology Group, Websense<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/February 23|February 23, 2011]] ==<br />
<br />
Speaker: Scott Sutherland<br><br />
Topic: Database Security in the Real World<br><br />
Meeting Sponsor: NetSpi<br />
<br />
<br />
== [[Los_Angeles/2011_Meetings/January_26|January 26, 2011]] ==<br />
<br />
Speaker: Samy Kamkar<br><br />
Topic: Evercookie: the Persistent Cookie<br><br />
Meeting Sponsor: IBM&nbsp;Rational Software<br></div>Tin Zawhttps://wiki.owasp.org/index.php?title=Global_Industry_Committee_-_Application_15&diff=121049Global Industry Committee - Application 152011-12-03T20:14:52Z<p>Tin Zaw: </p>
<hr />
<div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="2" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE APPLICATION FORM''' <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''<br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|<font color="black">Frank Fan<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP China VP<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for''' <br />
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Industry Committee<br />
|}<br />
----<br />
<br />
<br />
----<br />
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br />
An incomplete application will not be considered for vote.<br />
----<br />
<br />
<br />
----<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''COMMITTEE RECOMMENDATIONS''' <br />
|- <br />
! align="center" style="background:white; color:white"|<font color="black"><br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Who Recommends/Name''' <br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Role in OWASP'''<br />
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Recommendation Content''' <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''1'''<br />
| style="width:20%; background:#cccccc" align="center"| Helen Gao<br />
| style="width:20%; background:#cccccc" align="center"| Long Island Chapter Founder & Leader, Global Membership Comittee<br />
| style="width:57%; background:#cccccc" align="center"| I first met Frank at the OWASP conference in 2010. Frank is one of the most intelligent entrepreneurs and infosec experts I have ever met. Frank's company has been one of the main sponsors of the past two OWASP conferences in China. As a matter of fact, Frank has volunteered to host the OWASP submit in 2013. Frank's education and experience in both US and China is rare, especially among OWASP leaders. I am confident that he will be an asset to OWASP.<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''2'''<br />
| style="width:20%; background:#cccccc" align="center"|Ivy Zhang<br />
| style="width:20%; background:#cccccc" align="center"|Member of China Chapter<br />
| style="width:57%; background:#cccccc" align="center"|Being the VP of China Chapter, Frank also has more than ten years experience in US. His experience and knowledge is crucial in OWASP's mission <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''3'''<br />
| style="width:20%; background:#cccccc" align="center"|Tin Zaw<br />
| style="width:20%; background:#cccccc" align="center"|Los Angeles Chapter Leader<br />
| style="width:57%; background:#cccccc" align="center"|Frank is a highly-respected, well-connected, successful engineer/businessman in China and he is very committed to success of OWASP, in China and globally. These attributes make him an ideal candidate for the Industry Committee. <br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''4'''<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:57%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:3%; background:#cccccc" align="center"|'''5'''<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:20%; background:#cccccc" align="center"|<br />
| style="width:57%; background:#cccccc" align="center"|<br />
|}<br />
----</div>Tin Zawhttps://wiki.owasp.org/index.php?title=AppSec_USA_2011_chapters_workshop_agenda&diff=117756AppSec USA 2011 chapters workshop agenda2011-09-21T15:18:32Z<p>Tin Zaw: </p>
<hr />
<div> Join Remotely: https://www3.gotomeeting.com/join/627842590<br />
<br />
== General Information ==<br />
<br />
As part of [http://www.appsecusa.org/ AppSec USA 2011], on '''Wednesday, September 21,2011 at 12:00h-15:00h''' at the Minneapolis Convention Center (Room # M101-B), the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''<br />
<br />
'''Discussion topics include:'''<br />
* How to improve the current Chapter Leader Handbook?<br />
* How to start and support new chapters within Canada and the United States?<br />
* How to support inactive chapters within Canada and the United States?<br />
* What Governance model is required for OWASP chapters?<br />
* How can the Global Chapters Committee facilitate the North American chapters?<br />
* ...<br />
<br />
<br />
<br />
== Funding to Attend Workshop ==<br />
<br />
If you need financial assistance to attend the Chapter Leader Workshop at AppSec USA, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 8, 2011'''. <br />
<br />
<br />
Funding for your attendance to the workshop should be worked out in the following order. <br />
<br />
# Ask your employer to fund your trip to AppSec USA conference.<br />
# Utilize your chapter funds.<br />
# Ask the chapter committee for funding assistance. <br />
<br />
<br />
While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 8, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP. <br />
<br />
<br />
== Agenda ==<br />
<br />
Proposed agenda (open for discussion): <br />
<br />
{| border="0" align="center" style="width: 80%;"<br />
|-<br />
! align="center" colspan="3" | Minneapolis Convention Center - Room M101-B<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 12:00 - 12:15 <br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Welcome and Introductions<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 12:15 - 1:00 <br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Handling chapter finances''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All '' <br />
<br />
Current chapter handbook [[:Chapter Handbook: Managing Money|section]] to be elaborated. <br />
<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 1:00 - 1:15<br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Coffee Break<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 1:15 - 2:00<br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Top 10 advice for new and veteran chapter leaders''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All'' <br />
<br />
Create list [https://www.owasp.org/index.php/Talk:AppSec_USA_2011_chapters_workshop_agenda upfront and add action, impact and required support] from the Chapters Committee. <br />
<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 2:00 - 2:10<br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Break<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 2:10 - 2:55<br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''How to cross-pollinate success among North American chapters?''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All'' <br />
<br />
Look for good pollinator mechanisms and [https://www.owasp.org/index.php/Talk:AppSec_USA_2011_chapters_workshop_agenda define 7 goals] to be accomplished by AppSec USA 2012 in Austin, Texas.<br />
<br />
|}<br />
<br />
<br />
== Participants ==<br />
<br />
'''If you plan to attend, please fill in your name and chapter below:'''<br />
<br />
* Tin Zaw (Global Chapters Committee Chair) - Los Angeles Chapter <br />
* Sarah Baso (Global Chapters Committee Administrator)<br />
* Mandeep Khera (Bay Area Chapter Leader and Global Chapter Committee member)<br />
* Tom Brennan (New York City Metro Leader and International Board of Directors)<br />
* Kelly Santalucia (New York City Chapter Administrator / Global Membership Committee Administrator)<br />
* Sherif Koussa (Ottawa Chapter Leader)<br />
* Brian Van Norman (Cincinnati Chapter)<br />
* Jon Bango (Atlanta Chapter)<br />
* James Wickett (Austin Chapter)<br />
<br />
== Remote Participation ==<br />
<br />
There will be WiFi, so we can set up a Skype or WebEx conference call for people who want to listen in or participate remotely. <br />
<br />
Contact [mailto:sarah.baso@owasp.org Sarah Baso] if you are interested in participating remotely.<br />
<br />
<br />
== Chapters Workshop at AppSec EU ==<br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1PrGmwy1pxs2cb4LyewXS4TonbzAY7nORWvj-NJYaEnk/edit?hl=en_US Minutes from Workshop]<br />
<br />
[[AppSecEU 2011 chapters workshop agenda]]<br />
<br />
<br />
== Revising the Chapter Leader Handbook ==<br />
<br />
We hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.<br />
<br />
<br />
== Questions? ==<br />
<br />
Contact [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] <br />
<br />
<br />
<br />
[[Category:Global_Chapters_Committee]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=AppSec_USA_2011_chapters_workshop_agenda&diff=117755AppSec USA 2011 chapters workshop agenda2011-09-21T15:17:34Z<p>Tin Zaw: </p>
<hr />
<div> Join Remotely: https://www3.gotomeeting.com/join/627842590<br />
<br />
== General Information ==<br />
<br />
As part of [http://www.appsecusa.org/ AppSec USA 2011], on '''Wednesday, September 21,2011 at 12:00h-15:00h''' at the Minneapolis Convention Center (Room # M101-B), the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''<br />
<br />
'''Discussion topics include:'''<br />
* How to improve the current Chapter Leader Handbook?<br />
* How to start and support new chapters within Canada and the United States?<br />
* How to support inactive chapters within Canada and the United States?<br />
* What Governance model is required for OWASP chapters?<br />
* How can the Global Chapters Committee facilitate the North American chapters?<br />
* ...<br />
<br />
<br />
<br />
== Funding to Attend Workshop ==<br />
<br />
If you need financial assistance to attend the Chapter Leader Workshop at AppSec USA, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 8, 2011'''. <br />
<br />
<br />
Funding for your attendance to the workshop should be worked out in the following order. <br />
<br />
# Ask your employer to fund your trip to AppSec USA conference.<br />
# Utilize your chapter funds.<br />
# Ask the chapter committee for funding assistance. <br />
<br />
<br />
While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 8, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP. <br />
<br />
<br />
== Agenda ==<br />
<br />
Proposed agenda (open for discussion): <br />
<br />
{| border="0" align="center" style="width: 80%;"<br />
|-<br />
! align="center" colspan="3" | Minneapolis Convention Center - Room M101-B<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 12:00 - 12:15 <br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Welcome and Introductions<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 12:15 - 1:00 <br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Handling chapter finances''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All '' <br />
<br />
Current chapter handbook [[:Chapter Handbook: Managing Money|section]] to be elaborated. <br />
<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 1:00 - 1:15<br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Coffee Break<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 1:15 - 2:00<br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Top 10 advice for new and veteran chapter leaders''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All'' <br />
<br />
Create list [https://www.owasp.org/index.php/Talk:AppSec_USA_2011_chapters_workshop_agenda upfront and add action, impact and required support] from the Chapters Committee. <br />
<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 2:00 - 2:10<br />
| align="left" colspan="2" style="background: rgb(194, 194, 194) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Break<br />
|-<br />
| style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 15%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | 2:10 - 2:55<br />
| align="center" colspan="2" style="background: rgb(242, 242, 242) none repeat scroll 0% 0%; width: 75%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''How to cross-pollinate success between Canadian and US chapters?''' <br />
''Introduction &amp; moderation: Tin Zaw, Participation: All'' <br />
<br />
Look for good pollinator mechanisms and [https://www.owasp.org/index.php/Talk:AppSec_USA_2011_chapters_workshop_agenda define 7 goals] to be accomplished by AppSec USA 2012 in Austin, Texas.<br />
<br />
|}<br />
<br />
<br />
== Participants ==<br />
<br />
'''If you plan to attend, please fill in your name and chapter below:'''<br />
<br />
* Tin Zaw (Global Chapters Committee Chair) - Los Angeles Chapter <br />
* Sarah Baso (Global Chapters Committee Administrator)<br />
* Mandeep Khera (Bay Area Chapter Leader and Global Chapter Committee member)<br />
* Tom Brennan (New York City Metro Leader and International Board of Directors)<br />
* Kelly Santalucia (New York City Chapter Administrator / Global Membership Committee Administrator)<br />
* Sherif Koussa (Ottawa Chapter Leader)<br />
* Brian Van Norman (Cincinnati Chapter)<br />
* Jon Bango (Atlanta Chapter)<br />
* James Wickett (Austin Chapter)<br />
<br />
== Remote Participation ==<br />
<br />
There will be WiFi, so we can set up a Skype or WebEx conference call for people who want to listen in or participate remotely. <br />
<br />
Contact [mailto:sarah.baso@owasp.org Sarah Baso] if you are interested in participating remotely.<br />
<br />
<br />
== Chapters Workshop at AppSec EU ==<br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1PrGmwy1pxs2cb4LyewXS4TonbzAY7nORWvj-NJYaEnk/edit?hl=en_US Minutes from Workshop]<br />
<br />
[[AppSecEU 2011 chapters workshop agenda]]<br />
<br />
<br />
== Revising the Chapter Leader Handbook ==<br />
<br />
We hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.<br />
<br />
<br />
== Questions? ==<br />
<br />
Contact [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] <br />
<br />
<br />
<br />
[[Category:Global_Chapters_Committee]]</div>Tin Zawhttps://wiki.owasp.org/index.php?title=How_to_Join_a_Committee&diff=117301How to Join a Committee2011-09-13T21:22:10Z<p>Tin Zaw: </p>
<hr />
<div>[[:Global Committee Pages|Click here to return to the Global Committee Pages]]. <br />
<br />
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. <br> <br />
<br />
<br> Many individuals start with OWASP as a user of a user of tools guides or attending a local chapter. meeting. From that they may become a individual project leader of new tools guides contributing there expertise. Others may choose to become a active chapter leader in a state/region. Becoming a member of one of the Global Committees is not only a great achievement in the technical community, but is an opportunity to directly impact the future of OWASP Foundation globally. As a Global Committee member you are the voice for focus areas and represent the community around the world. The Global Committees ARE designed to develop a committee plan to focus on regional and global areas of improvement. Ideally you nominate a peer as a regional spokesperson and he/she is the conduit for global issues that has approx., 5-10+ hrs per month to volunteer time to OWASP Foundation. <br> <br />
<br />
<br> To encourage focus and participation, we suggest that volunteers contribute to '''ONE PRIMARY COMMITTEE'''. Individuals are '''welcome to participate''' in whatever committee they would like to on efforts, conference calls etc., but may only be officially elected to serve on one committee. <br />
<br />
*Note that to prevent conflict of interest, International OWASP Board Members cannot endorse candidates for any committee nor can a committee member endorse a candidate for their own committee. Committee members may endorse candidates for other committees to which they do not belong.<br />
<br />
*Committee members who wish to transfer between committees, should discuss this with their current committee first. They must begin a new application for the committee they want to move to.<br />
<br />
<br> Still have questions - [https://spreadsheets.google.com/a/owasp.org/viewform?hl=en&formkey=dFN1R2NIMTNROXN3dml4ZEcxXzJQYXc6MQ#gid=0 Contact Us] <br />
<br />
<br> Fill in one of the below application forms. <br> <br />
<br />
<br> <br />
<br />
=== Current Committee MEMBERS UNDER ELECTION - APPLICATION FORMS ===<br />
<br />
{| style="width: 90%" class="FCK__ShowTableBorders" border="0" align="center"<br />
|-<br />
| style="background: rgb(64,88,160); color: white; -moz-background-inline-policy: continuous" colspan="8" align="center" | '''OWASP GLOBAL COMMITTEES - UNDER ELECTION'''<br />
|-<br />
| style="width: 15%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''OWASP GLOBAL COMMITTEES''' <br />
| style="width: 15%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Projects Committee|Projects]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Membership Committee|Membership]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Education Committee|Education]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Conferences Committee|Conferences]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Industry Committee|Industry]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[Global Chapter Committee|Chapters]]''' <br />
| style="width: 14%; background: rgb(242,152,76); -moz-background-inline-policy: continuous" align="center" | '''[[OWASP Connections Committee|Connections]]'''<br />
|-<br />
| style="width: 15%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | '''Pending Applications -&gt;''' <br />
| style="width: 15%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[Global Projects and Tools Committee - Application 2|Brad Causey]]<br>[[Global Projects and Tools Committee - Application 3|Chris Schmidt]]<br>[[Global Projects and Tools Committee - Application 4|Justin Searle]]<br>[[Global Projects and Tools Committee - Application 5|Larry Casey]]<br>[[Global Projects and Tools Committee - Application 6|Keith Turpin]]</strike><br>[[Global Projects and Tools Committee - Application 1|Aryavalli Gandhi]]<br>add [[Global Projects and Tools Committee - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[Global Membership Committee - Application 1|Tony UcedaVelez]]<br>[[Global Membership Committee - Application 3|Ofer Maor]]<br>[[Global Membership Committee - Application 5|Helen Gao]]</strike><br>[[Global Membership Committee - Application 4|Aryavalli Gandhi]]<br>add [[Global Membership - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[Global Education Committee - Application 6|Zaki Akhmad]]</strike><br>[[Global Education Committee - Application 2|Carlos Serrão]]<br>[[Global Education Committee - Application 3|Sébastien Gioria]]<br>[[Global Education Committee - Application 5|Marc Chisinevski]]<br> [[Global Education Committee - Application 7|Tony Gottlieb]] <br>add [[Global Education Committee - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[Global Conferences Committee - Application 7|Mohd Fazli Azra]]<br>[[Global Conferences Committee - Application 9|Benjamin (Ben) Tomhave]]</strike><br>[[Global Conferences Committee - Application 8|Zhendong Yu]]<br>[[Global Conferences Committee - Application 10|Josh Sokol]]<br>[[Global Conferences Committee - Application 11|Application 11]]<br>[[Global Conferences Committee - Application 12|Application 12]]<br>[[Global Conferences Committee - Application 13|Application 13]]<br>add [[Global Conferences Committee - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[Global Industry Committee - Application 1|Colin Watson]]<br>[[Global Industry Committee - Application 2|Alexander Fry]]<br>[[Global Industry Committee - Application 3|Yiannis Pavlosoglou]]<br>[[Global Industry Committee - Application 4|Joe Bernik]]<br>[[Global Industry Committee - Application 5|Lorna Alamri]]<br> [[Global Industry Committee - Application 6|Nishi Kumar]]<br>[[Global Industry Committee - Application 8|Mauro Florez]] <br>[[Global Industry Committee - Application 9|Mateo Martinez]]<br>[[Global Industry Committee - Application 10|Sherif Koussa]]<br>[[Global Industry Committee - Application 12|Christian Papathanasiou]]</strike><br>[[Global Industry Committee - Application 13|Michael Scovetta]]<br>[[Global Industry Committee - Application 14|Applicant 14]]<br>[[Global Industry Committee - Application 15|Applicant 15]] <br>add [[Global Industry Committee - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike><br>[[Global Chapter Committee - Application 3|Mandeep Khera]]<br></strike>[[Global Chapter Committee - Application 4|Tin Zaw.]]<strike><br>[[Global Chapter Committee - Application 5|L. Gustavo C. Barbato]]</strike><br>[[Global Chapter Committee - Application 8|Josh Sokol]]<br>[[Global Chapter Committee - Application 9|Application 9]]<br>[[Global Chapter Committee - Application 10|Application 10]]<br>add [[Global Chapter Committee - Template|more]], if needed <br />
| style="width: 14%; background: rgb(204,204,204); -moz-background-inline-policy: continuous" align="center" | <strike>[[OWASP Connections Committee - Application 3|Justin Clarke]]<br>[[OWASP Connections Committee - Application 4|Jim Manico]]<br>[[OWASP Connections Committee - Application 6|Doug Wilson]]</strike><br>[[OWASP Connections Committee - Application 2|Robert Hansen]]<br>[[OWASP Connections Committee - Application 5|Greg Genung]]<br>add [[OWASP Connections Committee - Template|more]], if needed<br />
|}<br />
<br />
=== MEMBERS WITH OWASP SUMMIT'S APPROVAL ===<br />
<br />
{| border="0" align="center" style="width: 90%;"<br />
|-<br />
| align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); -moz-background-inline-policy: continuous; color: white;" | '''OWASP GLOBAL COMMITTEES - ELECTED AT THE OWASP SUMMIT 08'''<br />
|-<br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 15%; -moz-background-inline-policy: continuous;" | OWASP GLOBAL COMMITTEES <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 15%; -moz-background-inline-policy: continuous;" | [[Global Projects Committee|'''Projects''']] <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 14%; -moz-background-inline-policy: continuous;" | [[Global Membership Committee|'''Membership''']] <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 14%; -moz-background-inline-policy: continuous;" | [[Global Education Committee|'''Education''']] <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 14%; -moz-background-inline-policy: continuous;" | [[Global Conferences Committee|'''Conferences''']] <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 14%; -moz-background-inline-policy: continuous;" | [[Global Industry Committee|'''Industry''']] <br />
| align="center" style="background: none repeat scroll 0% 0% rgb(242, 152, 76); width: 14%; -moz-background-inline-policy: continuous;" | [[Global Chapter Committee|'''Chapters''']]<br />
|-<br />
| align="center" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 15%; -moz-background-inline-policy: continuous;" | Current committee members <br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 15%; -moz-background-inline-policy: continuous;" | <br />
*[[:User:Dinis.cruz|Dinis Cruz]] <br />
*[[:Image:Image021-Jason Li.jpg|Jason Li]] <br />
*[[:Image:Image019-Matt Tesauro.jpg|Matt Tesauro]] <br />
*[[:Image:Image022-Leo Cavallari.jpg|Leo Cavallari]] <br />
*[[:Image:Image020-Pravir Chandra.jpg|Pravir Chandra]]<br />
<br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 14%; -moz-background-inline-policy: continuous;" | <br />
*[[:User:Brennan|Tom Brennan]] <br />
*[[:Image:Image018-Dan Cornell.jpg|Dan Cornell]] <br />
*[[:Image:Image017-Michael Coates.jpg|Michael Coates]]<br />
<br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 14%; -moz-background-inline-policy: continuous;" | <br />
*[[User:Sdeleersnyder|Seba Deleersnyder]] <br />
*[[:Image:Image007-Martin Knobloch.jpg|Martin Knobloch]] <br />
*[[:Image:Image012-Mano Paul.jpg|Mano Paul]] <br />
*[[:Image:Image008-Eduardo Neves.jpg|Eduardo Neves]] <br />
*[[:Image:Image010-Kuai Hinjosa.jpg|Kuai Hinjosa]] <br />
*[[:Image:Image011-Cecil Su.jpg|Cecil Su]] <br />
*[[:Image:Image009-Fabio Cerullo.jpg|Fabio Cerullo]]<br />
<br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 14%; -moz-background-inline-policy: continuous;" | <br />
*[[:User:Wichers|Dave Wichers]] <br />
*[[:Image:Image005-Wayne Huang.jpg|Wayne Huang]] <br />
*[[:Image:Image003-Steve Antoniewicz.jpg|Steve Antoniewicz]] <br />
*[[:Image:Image004-Dhruv Soi.jpg|Dhruv Soi]]<br />
<br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 14%; -moz-background-inline-policy: continuous;" | <br />
*[[:User:Brennan|Tom Brennan]] <br />
*[[:Image:Image014 Rex Booth.jpg|Rex Booth]] <br />
*[[:Image:Image016-Georg Hess.jpg|Georg Hess]] <br />
*[[:Image:Image013-Eoin Keary.jpg|Eoin Keary]] <br />
*[[:Image:Image015-David Campbell.jpg|David Campbell]]<br />
<br />
| align="left" style="background: none repeat scroll 0% 0% rgb(204, 204, 204); width: 14%; -moz-background-inline-policy: continuous;" | <br />
*[[User:Sdeleersnyder|Seba Deleersnyder]] <br />
*[[:Image:Image002-Puneet Mehta.jpg|Puneet Mehta]] <br />
*[[:Image:Image001-Wayne Huang.jpg|Wayne Huang]]<br />
<br />
|}</div>Tin Zaw