https://wiki.owasp.org/api.php?action=feedcontributions&user=Emomartin.owasp&feedformat=atomOWASP - User contributions [en]2024-03-29T10:47:49ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Los_Angeles/2018_Meetings&diff=243949Los Angeles/2018 Meetings2018-10-03T04:48:20Z<p>Emomartin.owasp: </p>
<hr />
<div>'''---December 2018''' <br />
<br />
''Speaker'':<br />
<br />
''Topic'':<br />
<br />
'''---November 2018''' <br />
<br />
''Speaker'': <br />
<br />
''Topic'': <br />
<br />
'''---October 25, 2018 Verizon Digital Media Services'''<br />
<br />
''Speaker'': <br />
<br />
''Topic'': <br />
<br />
'''---September 2018 Expert Dojo, Santa Monica'''<br />
<br />
Opening Talk: Rafal Los: The Meek [Developers] Have Inherited the Earth<br />
<br />
''Speaker'': Brian Knopf<br />
<br />
Focusing on Application Security and IoT Security with a different perspective. While compliance and risk are important to consider, proper protection comes from Threat Modeling environments on a regular basis and layering protection based on threats identified from the model. Putting systems and tools in-place for security requires understanding how an attacker would perform reconnaissance and exploit your environment. This approach allows my teams to operate with smaller budgets that deliver higher quality results while including source code audits, penetration testing, proactive outreach with security researchers, incident response, perimeter protection, and data analytics. This ensures that security products are used together to provide actionable data rather than just purchasing applications to check a protection box. It also reduces the cost of vulnerabilities since they are found earlier in the SDLC, enabling teams to focus more time on features and not fixes.<br />
<br />
''Topic'': '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2018 Hunting for the next IoT - Your Vulns are not a Paradigm Shift]'''<br />
<br />
We are often told in security that a product is groundbreaking, totally different than previous products, and a complete paradigm shift. These types of statements have been used to describe IoT devices, crypto currencies, and other new technologies. While they are new, the threats facing them are not. How do you move beyond the hype to identify real threats facing your product or environment? How can you maximize the limited resources your InfoSec or AppSec team has to make the best use of time and resources available? Have you assessed your threat model? Let me show you how to identify risk areas that everyone can agree on when laid out.<br />
<br />
'''---August 2018 Tinder, West Hollywood''' <br />
<br />
''Speaker'': Jim Manico <br />
<br />
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is a investor/ad visor for Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the JavaOne rock-star speaker and Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP foundation where he helps build application security standards and other documentation. <br />
<br />
''Topic'': [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf '''Why are we still talking about Cross Site Scripting in 2018?''']<br />
<br />
Why are we still talking about Cross Site Scripting in 2018? Because it's painfully difficult to defend against XSS even to this day. This talk is a fundamental update to the 2011 AppSec USA talk "The Past Present and Future of XSS Defense". We'll address new defensive strategies such as modern JavaScript framework defense in Angular, React and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently. We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security.<br />
<br />
We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense and how HTTPOnly cookies are largely ineffective. This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications<br />
<br />
'''---July 2018''' <br />
<br />
''Speaker:'' Kevin Gosschalk <br />
<br />
''Topic:'' How Bots Decide What You Can Buy and How Much You'll Pay<br />
<br />
'''---June 2018''' <br />
<br />
''Speaker''''':''' Anant Kadiyala<br />
<br />
''Topic:'' Blockchain as Security Mechanism for Real World IoT<br />
<br />
'''---May 2018''' <br />
<br />
''Speaker:'' Pieter Danheiux <br />
<br />
''Topic''''':''' Improving Software Security in an Agile Environment<br />
<br />
'''---April 2018''' <br />
<br />
''Speaker:'' Jason Patterson <br />
<br />
''Topic''''':''' Cloud Security/Containers<br />
<br />
'''---March 2018''' <br />
<br />
''Speaker'': Ira Winkler<br />
<br />
''Topic'': Incorporating Security Practices into Business Processes<br />
<br />
'''---February 2018''' <br />
<br />
''Speaker'': Justin Regele<br />
<br />
''Topic'': Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler<br />
<br />
'''---January 28-31, 2018 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies. A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. [https://2018.appseccalifornia.org/ https://2018.appseccalifornia.org]</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=243948Los Angeles Presentation Archive2018-10-03T04:31:48Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - Brian Knopf: [https://www.owasp.org/images/6/67/OWASP_LA_Hunting_For_The_Next_IoT-Your_Vulns_Are_Not_A_Paradigm_Shift_Brian_Knopf_2018_09.pdf Hunting for the next IoT - Your Vulns are not a Paradigm Shift] <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - Scott Stender: [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
* June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
* May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2018_Meetings&diff=243947Los Angeles/2018 Meetings2018-10-03T04:30:47Z<p>Emomartin.owasp: </p>
<hr />
<div>'''---December 13, 2018''' <br />
<br />
''Speaker'':<br />
<br />
''Topic'':<br />
<br />
'''---November 29, 2018''' <br />
<br />
''Speaker'': <br />
<br />
''Topic'': <br />
<br />
'''---October 25, 2018 Riot Games'''<br />
<br />
''Speaker'': <br />
<br />
''Topic'': <br />
<br />
'''---September 2018 Expert Dojo, Santa Monica'''<br />
<br />
''Speaker'': Brian Knopf<br />
<br />
Scott Stender is the leader of NCC Group's Cryptography Services practice. Scott co-founded iSEC Partners and joined NCC Group when it was acquired in 2010. Prior to iSEC, Scott worked in software development and security consulting in roles at Microsoft and @stake.Scott has helped organizations around the world create secure systems, including notable projects on major operating systems, cryptographic libraries, and several of the world's most critical applications. He has led projects across the full development lifecycle and throughout the technology stack ranging from requirements to release and hypervisors to hypertext.Scott’s broad research output has advanced both the security analysis of core technologies and the process of secure software engineering. He has contributed papers and talks, on topics ranging from practical attacks against Kerberos to securing legacy technology, to a number of leading security conferences and periodicals.<br />
<br />
''Topic'': '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2018 Hunting for the next IoT - Your Vulns are not a Paradigm Shift]'''<br />
<br />
We are often told in security that a product is groundbreaking, totally different than previous products, and a complete paradigm shift. These types of statements have been used to describe IoT devices, crypto currencies, and other new technologies. While they are new, the threats facing them are not. How do you move beyond the hype to identify real threats facing your product or environment? How can you maximize the limited resources your InfoSec or AppSec team has to make the best use of time and resources available? Have you assessed your threat model? Let me show you how to identify risk areas that everyone can agree on when laid out.<br />
<br />
'''---August 2018''' <br />
<br />
''Speaker'': <br />
<br />
''Topic'':<br />
<br />
'''---July 19 2018''' <br />
<br />
''Speaker:'' <br />
<br />
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching web application security in colleges, conferences and for many government agencies over the last decade.<br />
<br />
''Topic:'' '''The New and Improved OWASP Top 10'''<br />
<br />
First released in 2003, the OWASP Top 10 has since become OWASP's main flagship project. With minor updates in 2004 and 2007 followed by major releases in 2010 and 2013, the Top 10 was due for a revision in 2018 that would better reflect the current web application security risks. This new release lives up to the expectations by improving the classification of application vulnerabilities while focusing more on the lack of protections, often highlighted in vulnerability assessments and penetration tests.This presentation about the new and improved top 10 most critical web application security risks will cover all 10 items while focusing on the improvements from the previous version.<br />
<br />
'''---June 28, 2018 Riot Games'''<br />
<br />
''Panel:'' '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg'''<br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health.<br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology.<br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization.<br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
''Topic''''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2018 Verizon Digital Media Services'''<br />
<br />
Opening Talk: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News]<br />
<br />
''Speaker:'' '''Shane MacDougall'''<br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
''Topic''''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2018 Riot Games HQ, Los Angeles'''<br />
<br />
''Speaker:'' '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
''Topic''''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2018 Symantec Offices, Culver City'''<br />
<br />
''Speaker'': '''Jeff Williams'''<br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown.<br />
<br />
''Topic'': '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2018, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2018 Symantec Offices, Culver City'''<br />
<br />
''Speaker'': '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
''Topic'': '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2018 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies. A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. [https://2017.appseccalifornia.org/ https://2018.][[appseccalifornia.org]]/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=243946Los Angeles2018-10-03T04:13:14Z<p>Emomartin.owasp: /* OWASP Individual Membership Info */</p>
<hr />
<div>= Welcome =<br />
<br />
<h2>Welcome to the OWASP Los Angeles Chapter!</h2><br />
<br />
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]<br />
<br><br />
The chapter leadership includes: [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President, [mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member, [mailto:edward@owasp.org Edward Bonver] -- Board Member, [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member, [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member, [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member, [mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member<br />
<br><br />
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]<br />
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2><br />
<br><br />
<br />
<h2>Become a Sponsor</h2><br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
=== See all of our Chapter sponsors here: === <br />
https://www.meetup.com/OWASP-Los-Angeles/sponsors/<br />
<br />
''[[File:Button_red_sponsor.png|300px| left | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]'' <br />
<br />
- Meet upwards of 80-120 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site<br />
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.<br />
- Have a table at local chapter meeting with lots of time to meet and greet attendees<br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards and contact information<br />
The cost is only $1,200<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations<br />
{{Chapter Template|chaptername=Los Angeles|extra=<br />
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}} <br />
<br />
= Meetings =<br />
<br />
== '''Upcoming OWASP Meetings''' ==<br />
<br><br />
https://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:casio@owasp.org Cassio Goldschmidt] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
== Join Us on Meetup! ==<br />
<br />
http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Become an OWASP Member TODAY ==<br />
<br />
=== OWASP Individual Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Individual_Member<br />
<br />
=== OWASP Corporate Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Corporate_Membership<br />
<br />
== Meeting Archives ==<br />
[[Los Angeles Presentation Archive |Presentation Archive]]<br />
<br />
[[Los Angeles/2018 Meetings|2018 Meetings]]<br />
<br />
[[Los Angeles/2017 Meetings|2017 Meetings]]<br />
<br />
[[Los Angeles/2016 Meetings|2016 Meetings]]<br />
<br />
[[Los Angeles/2015 Meetings|2015 Meetings]]<br />
<br />
[[Los Angeles/2014 Meetings|2014 Meetings]]<br />
<br />
[[Los Angeles/2013 Meetings|2013 Meetings]]<br />
<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
= OWASP LA Conferences =<br />
<br />
https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29<br />
<br />
https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!<br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
= Chapter Sponsors =<br />
<br />
<br />
<br />
= Chapter Leaders =<br />
<br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member <br />
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member<br />
*[mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member <br />
<br />
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br><br />
The Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:California]]<br />
__NOTOC__ <headertabs></headertabs></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2018_Meetings&diff=243945Los Angeles/2018 Meetings2018-10-03T04:11:47Z<p>Emomartin.owasp: Created page with "January"</p>
<hr />
<div>January</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=243944Los Angeles2018-10-03T04:02:17Z<p>Emomartin.owasp: </p>
<hr />
<div>= Welcome =<br />
<br />
<h2>Welcome to the OWASP Los Angeles Chapter!</h2><br />
<br />
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]<br />
<br><br />
The chapter leadership includes: [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President, [mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member, [mailto:edward@owasp.org Edward Bonver] -- Board Member, [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member, [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member, [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member, [mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member<br />
<br><br />
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]<br />
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2><br />
<br><br />
<br />
<h2>Become a Sponsor</h2><br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
=== See all of our Chapter sponsors here: === <br />
https://www.meetup.com/OWASP-Los-Angeles/sponsors/<br />
<br />
''[[File:Button_red_sponsor.png|300px| left | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]'' <br />
<br />
- Meet upwards of 80-120 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site<br />
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.<br />
- Have a table at local chapter meeting with lots of time to meet and greet attendees<br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards and contact information<br />
The cost is only $1,200<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations<br />
{{Chapter Template|chaptername=Los Angeles|extra=<br />
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}} <br />
<br />
= Meetings =<br />
<br />
== '''Upcoming OWASP Meetings''' ==<br />
<br><br />
https://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:casio@owasp.org Cassio Goldschmidt] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
== Join Us on Meetup! ==<br />
<br />
http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Become an OWASP Member TODAY ==<br />
<br />
=== OWASP Individual Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Individual_Member<br />
<br />
=== OWASP Corporate Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Corporate_Membership<br />
<br />
== Meeting Archives ==<br />
[[Los Angeles Presentation Archive |Presentation Archive]]<br />
<br />
[[Los Angeles/2017 Meetings|2017 Meetings]]<br />
<br />
[[Los Angeles/2016 Meetings|2016 Meetings]]<br />
<br />
[[Los Angeles/2015 Meetings|2015 Meetings]]<br />
<br />
[[Los Angeles/2014 Meetings|2014 Meetings]]<br />
<br />
[[Los Angeles/2013 Meetings|2013 Meetings]]<br />
<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
= OWASP LA Conferences =<br />
<br />
https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29<br />
<br />
https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!<br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
= Chapter Sponsors =<br />
<br />
<br />
<br />
= Chapter Leaders =<br />
<br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member <br />
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member<br />
*[mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member <br />
<br />
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br><br />
The Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:California]]<br />
__NOTOC__ <headertabs></headertabs></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=243941Los Angeles2018-10-03T03:56:48Z<p>Emomartin.owasp: </p>
<hr />
<div>= Welcome =<br />
<br />
<h2>Welcome to the OWASP Los Angeles Chapter!</h2><br />
<br />
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]<br />
<br><br />
The chapter leadership includes: [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President, [mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member, [mailto:edward@owasp.org Edward Bonver] -- Board Member, [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member, [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member, [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member, [mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member<br />
<br><br />
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]<br />
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2><br />
<br><br />
<br />
<h2>Become a Sponsor</h2><br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
=== See all of our Chapter sponsors here: === <br />
https://www.meetup.com/OWASP-Los-Angeles/sponsors/<br />
<br />
''[[File:Button_red_sponsor.png|300px| left | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]'' <br />
<br />
- Meet upwards of 80-120 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site<br />
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.<br />
- Have a table at local chapter meeting with lots of time to meet and greet attendees<br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards and contact information<br />
The cost is only $1,200<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations<br />
{{Chapter Template|chaptername=Los Angeles|extra=<br />
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}} <br />
<br />
= Meetings =<br />
<br />
== '''Upcoming OWASP Meetings''' ==<br />
<br><br />
https://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:casio@owasp.org Cassio Goldschmidt] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
== Join Us on Meetup! ==<br />
<br />
http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Become an OWASP Member TODAY ==<br />
<br />
=== OWASP Individual Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Individual_Member<br />
<br />
=== OWASP Corporate Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Corporate_Membership<br />
<br />
== Meeting Archives ==<br />
[[Los Angeles Presentation Archive |Presentation Archive]]<br />
<br />
[[Los Angeles/2018 Meetings|2018 Meetings]]<br />
<br />
[[Los Angeles/2017 Meetings|2017 Meetings]]<br />
<br />
[[Los Angeles/2016 Meetings|2016 Meetings]]<br />
<br />
[[Los Angeles/2015 Meetings|2015 Meetings]]<br />
<br />
[[Los Angeles/2014 Meetings|2014 Meetings]]<br />
<br />
[[Los Angeles/2013 Meetings|2013 Meetings]]<br />
<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
= OWASP LA Conferences =<br />
<br />
https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29<br />
<br />
https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!<br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
= Chapter Sponsors =<br />
<br />
<br />
<br />
= Chapter Leaders =<br />
<br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member <br />
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member<br />
*[mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member <br />
<br />
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br><br />
The Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:California]]<br />
__NOTOC__ <headertabs></headertabs></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=243940Los Angeles Presentation Archive2018-10-03T00:33:39Z<p>Emomartin.owasp: /* 2018 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - Brian Knopf: [https://www.owasp.org/images/6/67/OWASP_LA_Hunting_For_The_Next_IoT-Your_Vulns_Are_Not_A_Paradigm_Shift_Brian_Knopf_2018_09.pdf Hunting for the next IoT - Your Vulns are not a Paradigm Shift] <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - Scott Stender: [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=243939Los Angeles Presentation Archive2018-10-03T00:33:13Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - Brian Knopf: Hunting for the next IoT - Your Vulns are not a Paradigm Shift <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - Scott Stender: [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Hunting_For_The_Next_IoT-Your_Vulns_Are_Not_A_Paradigm_Shift_Brian_Knopf_2018_09.pdf&diff=243938File:OWASP LA Hunting For The Next IoT-Your Vulns Are Not A Paradigm Shift Brian Knopf 2018 09.pdf2018-10-03T00:31:45Z<p>Emomartin.owasp: OWASP Los Angeles monthly meeting presentation</p>
<hr />
<div>OWASP Los Angeles monthly meeting presentation</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=242884Los Angeles Presentation Archive2018-08-28T05:26:56Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - Scott Stender: [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=242883Los Angeles Presentation Archive2018-08-28T05:25:29Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Scott Stender: Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=242882Los Angeles Presentation Archive2018-08-28T05:25:14Z<p>Emomartin.owasp: /* 2018 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - Kevin Gosschalk: How Bots Decide What You Can Buy and How Much You'll Pay <br />
* June - Anant Kadiyala: Blockchain as Security Mechanism for Real World IoT <br />
* May - Pieter Danheiux: Improving Software Security in an Agile Environment <br />
* April - Jason Patterson: Cloud Security/Containers <br />
* March - Ira Winkler: Incorporating Security Practices into Business Processes <br />
* February - Justin Regele: Better Git Hacking; Extracting “deleted” secrets from Git databases with Grawler <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Scott Stender: Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=242881Los Angeles Presentation Archive2018-08-28T05:16:48Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018? [https://www.owasp.org/images/c/ce/OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf The Last XSS Defense Talk]<br />
* July - <br />
* June - <br />
* May - <br />
* April - <br />
* March - <br />
* February - <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Scott Stender: Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_The_Last_XSS_Defense_Talk_Jim_Manico_2018_08.pdf&diff=242880File:OWASP LA The Last XSS Defense Talk Jim Manico 2018 08.pdf2018-08-28T05:12:35Z<p>Emomartin.owasp: </p>
<hr />
<div></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=242879Los Angeles Presentation Archive2018-08-28T05:10:16Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2018==<br />
* December - <br />
* November - <br />
* October - <br />
* September - <br />
* August - Jim Manico: Why are we still talking about Cross Site Scripting in 2018?<br />
* July - <br />
* June - <br />
* May - <br />
* April - <br />
* March - <br />
* February - <br />
* January - [https://2018.appseccalifornia.org Appsec California 2018]<br />
<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Scott Stender: Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235983Los Angeles Presentation Archive2017-12-04T03:15:45Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [https://www.owasp.org/images/5/5b/OWASP_LA_Struts%2C_OSS_and_You_Mahesh_Babu_2017_10.pdf Struts, OSS & You] <br />
* September - [https://www.owasp.org/images/0/0e/OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf Scott Stender: Securely Deploying TLS 1.3]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [https://www.owasp.org/images/6/6a/OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf The New and Improved OWASP Top 10] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235982Los Angeles Presentation Archive2017-12-04T03:12:36Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [//www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235981Los Angeles Presentation Archive2017-12-04T03:03:26Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [[:File:OWASP LA Robert Lee Combating Account Takeover 2017 11.pdf|Combating Account Takeover]]<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''please contact speaker for a copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235980Los Angeles Presentation Archive2017-12-04T02:54:19Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [https://www.owasp.org/images/a/af/OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf Combating Account Takeover]<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''speaker has not yet provided the copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235979Los Angeles Presentation Archive2017-12-04T02:52:57Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [[:File:OWASP LA Robert Lee Combating Account Takeover 2017 11.pdf|Combating Account Takeover]]<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''speaker has not yet provided the copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=235978Los Angeles Presentation Archive2017-12-04T02:50:26Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December - Joint Holiday Celebration with ISSA-LA & CSA LA: Infosec Trivia Night<br />
* November - Robert Lee: Detect and Contain: [[OWASP LA Robert Lee Combating Account Takeover 2017 11.pdf|Combating Account Takeover]]<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''speaker has not yet provided the copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security of Mobile Ad Hoc and Wireless Sensor Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton - Pulling The Plug-Security Risks in Next Generation Offline Web Apps - OWASP LA OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching software run 11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001 OWASPLA Shankar 10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC ED OWASP XSS MAY2008 v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud Computing Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Robert_Lee_Combating_Account_Takeover_2017_11.pdf&diff=235977File:OWASP LA Robert Lee Combating Account Takeover 2017 11.pdf2017-12-04T02:44:51Z<p>Emomartin.owasp: Presentation from OWASP Los Angeles November meeting</p>
<hr />
<div>Presentation from OWASP Los Angeles November meeting</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=234755Los Angeles2017-10-30T06:31:49Z<p>Emomartin.owasp: </p>
<hr />
<div>= Welcome =<br />
<br />
<h2>Welcome to the OWASP Los Angeles Chapter!</h2><br />
<br />
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]<br />
<br />
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]<br />
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2><br />
{{Chapter Template|chaptername=Los Angeles|extra=The chapter leadership includes: [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President, [mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member, [mailto:edward@owasp.org Edward Bonver] -- Board Member, [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member, [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member, [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member, [mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member<br />
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}} <br />
<br />
= Meetings =<br />
<br />
== '''Upcoming OWASP Meetings''' ==<br />
<br><br />
https://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:casio@owasp.org Cassio Goldschmidt] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
== Join Us on Meetup! ==<br />
<br />
http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Become an OWASP Member TODAY ==<br />
<br />
=== OWASP Individual Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Individual_Member<br />
<br />
=== OWASP Corporate Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Corporate_Membership<br />
<br />
== Meeting Archives ==<br />
[[Los Angeles Presentation Archive |Presentation Archive]]<br />
<br />
[[Los Angeles/2017 Meetings|2017 Meetings]]<br />
<br />
[[Los Angeles/2016 Meetings|2016 Meetings]]<br />
<br />
[[Los Angeles/2015 Meetings|2015 Meetings]]<br />
<br />
[[Los Angeles/2014 Meetings|2014 Meetings]]<br />
<br />
[[Los Angeles/2013 Meetings|2013 Meetings]]<br />
<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
= OWASP LA Conferences =<br />
<br />
https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29<br />
<br />
https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!<br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
= Chapter Sponsors =<br />
<br />
<br />
== Support OWASP Los Angeles == <br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
=== See all of our Chapter sponsors here: === <br />
https://www.meetup.com/OWASP-Los-Angeles/sponsors/<br />
<br />
''[[File:Button_red_sponsor.png|300px| center | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]'' <br />
<br />
<br><br />
Get the following benefits:<br />
<br />
- Meet upwards of 80-120 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site<br />
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.<br />
- Have a table at local chapter meeting with lots of time to meet and greet attendees<br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards and contact information<br />
The cost is only $1,200<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations<br />
<br />
= Chapter Leaders =<br />
<br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member <br />
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member<br />
*[mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member <br />
<br />
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br><br />
The Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:California]]<br />
__NOTOC__ <headertabs></headertabs></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles&diff=234754Los Angeles2017-10-30T06:25:13Z<p>Emomartin.owasp: </p>
<hr />
<div>= Welcome =<br />
<br />
<h2>Welcome to the OWASP Los Angeles Chapter!</h2><br />
<br />
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]<br />
<br />
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]<br />
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2><br />
{{Chapter Template|chaptername=Los Angeles|extra=The chapter leadership includes: [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President, [mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member, [mailto:edward@owasp.org Edward Bonver] -- Board Member, [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member, [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member, [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member, [mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member<br />
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}} <br />
<br />
= Meetings =<br />
<br />
== '''Upcoming OWASP Meetings''' ==<br />
<br><br />
https://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Would you like to speak at an OWASP Los Angeles Meeting? == <br />
<br />
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:casio@owasp.org Cassio Goldschmidt] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license. <br />
<br />
== Join Us on Meetup! ==<br />
<br />
http://www.meetup.com/OWASP-Los-Angeles/<br />
<br />
== Become an OWASP Member TODAY ==<br />
<br />
=== OWASP Individual Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Individual_Member<br />
<br />
=== OWASP Corporate Membership Info ===<br />
<br />
https://www.owasp.org/index.php/Corporate_Membership<br />
<br />
== Meeting Archives ==<br />
[[Los Angeles Presentation Archive |Presentation Archive]]<br />
<br />
[[Los Angeles/2017 Meetings|2017 Meetings]]<br />
<br />
[[Los Angeles/2016 Meetings|2016 Meetings]]<br />
<br />
[[Los Angeles/2015 Meetings|2015 Meetings]]<br />
<br />
[[Los Angeles/2014 Meetings|2014 Meetings]]<br />
<br />
[[Los Angeles/2013 Meetings|2013 Meetings]]<br />
<br />
[[Los Angeles/2012 Meetings|2012 Meetings]] <br />
<br />
[[Los Angeles/2011 Meetings|2011 Meetings]] <br />
<br />
[[Los Angeles/2010 Meetings|2010 Meetings]] <br />
<br />
[[Los Angeles/2009 Meetings|2009 Meetings]] <br />
<br />
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].--> <br />
<br />
= OWASP LA Conferences =<br />
<br />
https://2017.appseccalifornia.org/ AppSec California 2017, held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!<br />
<br />
Web archive: http://2010.AppSecUSA.org <br />
<br />
Videos: http://vimeo.com/user4863863/videos<br> <br />
<br />
[[Image:AppSec Logo.jpg|362x106px|AppSec Logo.jpg]] <br />
<br />
= Chapter Sponsors =<br />
<br />
<br />
== Support OWASP Los Angeles == <br />
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission <br />
=== See all of our Chapter sponsors here: === <br />
https://www.meetup.com/OWASP-Los-Angeles/sponsors/<br />
<br />
''[[File:Button_red_sponsor.png|300px| center | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]'' <br />
<br />
<br><br />
Get the following benefits:<br />
<br />
- Meet upwards of 80-120 potential new clients<br />
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site<br />
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.<br />
- Have a table at local chapter meeting with lots of time to meet and greet attendees<br />
- Promote your products and services<br />
- Bring a raffle prize to gather business cards and contact information<br />
The cost is only $1,200<br />
<br />
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations<br />
<br />
= Chapter Leaders =<br />
<br />
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President <br />
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member<br />
*[mailto:edward@owasp.org Edward Bonver] -- Board Member<br />
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member <br />
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member <br />
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member<br />
*[mailto:edmond.momartin@owasp.org Edmond Momartin] -- Board Member <br />
<br />
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br><br />
The Los Angeles chapter was founded by Cassio Goldschmidt. <br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:California]]<br />
__NOTOC__ <headertabs></headertabs></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=234753Los Angeles Presentation Archive2017-10-30T06:22:21Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November - Robert Lee: Detect and Contain: Combating Account Takeover<br />
* October - Mahesh Babu: [[:File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf|Struts, OSS & You]] <br />
* September - [[:File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf|Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications ('''''Coming Soon''''')<br />
* July - David Caissy: [[:File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf|The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices ('''''speaker has not yet provided the copy''''') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=234752Los Angeles Presentation Archive2017-10-30T06:16:28Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November - Robert Lee: Detect and Contain: Combating Account Takeover<br />
* October - Mahesh Babu: [[Struts, OSS & You]] <br />
* September - [[Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications<br />
* July - David Caissy: [[The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices (''speaker has not yet provided the copy'') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=234751Los Angeles Presentation Archive2017-10-30T06:14:40Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November - Robert Lee: Detect and Contain: Combating Account Takeover<br />
* October - [[Mahesh Babu: Struts 2 & You]] <br />
* September - [[Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications<br />
* July - David Caissy: [[The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices (''speaker has not yet provided the copy'') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Struts,_OSS_and_You_Mahesh_Babu_2017_10.pdf&diff=234750File:OWASP LA Struts, OSS and You Mahesh Babu 2017 10.pdf2017-10-30T06:14:01Z<p>Emomartin.owasp: </p>
<hr />
<div></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=234749Los Angeles/2017 Meetings2017-10-30T06:13:37Z<p>Emomartin.owasp: </p>
<hr />
<div>'''---December 13, 2017 Microsoft Office''' <br />
<br />
<u>''Speaker''</u>: <br />
<br />
<u>''Topic''</u>: <br />
<br />
'''---November 29, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Robert Lee''' <br />
<br />
Robert E. Lee (Twitter: @robert e lee) is a seasoned leader and solutions-driven professional with over 25 years of experience in information technology and security. He is passionate about using security to enable business, manage risk, and protect assets and privacy.Robert is affiliated with the non-profit ISECOM organization and has contributed to open source projects such as OSSTMM, Unicornscan, and Sockstress. As a Sr Technical Program Manager with Twitter (since July2016), his current focus is on security controls that can help reduce ATO and other unwanted fraud in online applications.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Detect and Contain: Combating Account Takeover]'''<br />
<br />
In your environment, do you really know Who is doing What, from Where? How confident are you in your authentication controls and anomalous behavior detection? Does your behavior monitoring solution have the right data to give you relevant actionable findings? Are you overly burdening your users in the name of security,while still leaving them unprotected? This talk will shine a light on very common identity, authentication, and link-analysis practices that inhibit us from properly detecting threats, and ultimately, containing them.It will then introduce Risk Based Authorization as a model for online authentication and authorization.<br />
<br />
'''---October 25, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: '''Mahesh Babu''' <br />
<br />
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Struts, OSS & You]'''<br />
<br />
What we are learning from the Equifax breach and recent Struts 2 vulnerabilities and what you can do to step up your assessment & remediation efforts. As you may already know, the root cause of the Equifax breach was a web application security issue tied to a widely used software framework called Apache Struts 2. Teams everywhere continue to see these issues and exploit attempts from all over the world. In this session you will:<br />
* Get the inside scoop on what we know about recent events<br />
* Understand the exploits at a deeper level<br />
* Get guidance on how to structure your remediation efforts<br />
'''---September 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Scott Stender''' <br />
<br />
Scott Stender is the leader of NCC Group's Cryptography Services practice. Scott co-founded iSEC Partners and joined NCC Group when it was acquired in 2010. Prior to iSEC, Scott worked in software development and security consulting in roles at Microsoft and @stake.Scott has helped organizations around the world create secure systems, including notable projects on major operating systems, cryptographic libraries, and several of the world's most critical applications. He has led projects across the full development lifecycle and throughout the technology stack ranging from requirements to release and hypervisors to hypertext.Scott’s broad research output has advanced both the security analysis of core technologies and the process of secure software engineering. He has contributed papers and talks, on topics ranging from practical attacks against Kerberos to securing legacy technology, to a number of leading security conferences and periodicals.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Securely Deploying TLS 1.3]'''<br />
<br />
TLS 1.2 has been putting the S in HTTPS and other protocols since August of 2008. Though TLS is arguably the most successful security protocol in deployment, it has fallen prey to many attacks in the past decade. The Internet Engineering Task Force has been working to make TLS both faster and more secure, and will soon release an updated version to the world. TLS 1.3 is coming and will have a wide range of impacts for enterprises. This talk will help you prepare by providing:<br />
* An overview of major changes in TLS 1.3<br />
* An explanation of 0-RTT and how its performance improvements will impact the security of your servers and applications<br />
* A deep-dive into important configuration options and their security impacts<br />
* A guide to security monitoring in a TLS 1.3 world<br />
'''---August 23, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: Mike Milner <br />
<br />
Mike has always loved taking things apart and (usually) putting them back together. Throughout his career in business and government Mike has experienced the breadth of opportunities technology and data intelligence have created. Mike is the Co-Founder and Chief Technology Officer at IMMUNIO, where he gets to focus on building systems to keep the internet secure. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and ultimately drives breaches. This unique experience paired with his technical background helped Mike uncover what the next eneration of security software should look like in IMMUNIO. Prior to founding IMMUNIO, Mike was a lead member of the technical staff at Salesforce.com where he gained insight into the business side of web applications. He also served as a software engineer at Canonical, working on the world’s most popular free operating system, Ubuntu, following his time serving both the Canadian and UK Government.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Law & Order: Observing and Protecting Web Applications]'''<br />
<br />
In the early 90s, two great things happened: The birth of the World Wide Web, and the start ofthe Law & Order TV Series. Both have changed and evolved over time to reflect, and in somecases prompt changes in our society. Law & Order has always been a great show, because it looks at the broader spectrum of howthe law works. In much the same way, we as an industry are paying more attention to the broader field of how to protect the web from attack. It’s not just tools and technology - it’s how the tools and tech fit into a broader security process. This talk looks at how appsec has changed over the years, from the first web sites online, to how things are moving into the future. How new tools and techniques are enabling tighter collaboration between the Law & Order of application security, and enabling new workflows like CI/CD and DevSecOps.<br />
<br />
'''---July 19 2017 Verizon Digital Media Services''' <br />
<br />
<u>''Speaker:''</u> '''David Caissy''' <br />
<br />
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching web application security in colleges, conferences and for many government agencies over the last decade. <br />
<br />
<u>''Topic:''</u> '''The New and Improved OWASP Top 10'''<br />
<br />
First released in 2003, the OWASP Top 10 has since become OWASP's main flagship project. With minor updates in 2004 and 2007 followed by major releases in 2010 and 2013, the Top 10 was due for a revision in 2017 that would better reflect the current web application security risks. This new release lives up to the expectations by improving the classification of application vulnerabilities while focusing more on the lack of protections, often highlighted in vulnerability assessments and penetration tests.This presentation about the new and improved top 10 most critical web application security risks will cover all 10 items while focusing on the improvements from the previous version.<br />
<br />
'''---June 28, 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=234748Los Angeles Presentation Archive2017-10-30T06:08:14Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November - Robert Lee: Detect and Contain: Combating Account Takeover<br />
* October - Mahesh Babu: Struts 2 & You <br />
* September - [[Scott Stender: Securely Deploying TLS 1.3]]<br />
* August - Mike Milner: Law & Order: Observing and Protecting Web Applications<br />
* July - David Caissy: [[The New and Improved OWASP Top 10]] <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices (''speaker has not yet provided the copy'') <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=234747Los Angeles/2017 Meetings2017-10-30T05:59:46Z<p>Emomartin.owasp: </p>
<hr />
<div>'''---December 13, 2017 Microsoft Office''' <br />
<br />
<u>''Speaker''</u>: <br />
<br />
<u>''Topic''</u>: <br />
<br />
'''---November 29, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Robert Lee''' <br />
<br />
Robert E. Lee (Twitter: @robert e lee) is a seasoned leader and solutions-driven professional with over 25 years of experience in information technology and security. He is passionate about using security to enable business, manage risk, and protect assets and privacy.Robert is affiliated with the non-profit ISECOM organization and has contributed to open source projects such as OSSTMM, Unicornscan, and Sockstress. As a Sr Technical Program Manager with Twitter (since July2016), his current focus is on security controls that can help reduce ATO and other unwanted fraud in online applications.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Detect and Contain: Combating Account Takeover]'''<br />
<br />
In your environment, do you really know Who is doing What, from Where? How confident are you in your authentication controls and anomalous behavior detection? Does your behavior monitoring solution have the right data to give you relevant actionable findings? Are you overly burdening your users in the name of security,while still leaving them unprotected? This talk will shine a light on very common identity, authentication, and link-analysis practices that inhibit us from properly detecting threats, and ultimately, containing them.It will then introduce Risk Based Authorization as a model for online authentication and authorization.<br />
<br />
'''---October 25, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: '''Mahesh Babu''' <br />
<br />
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Struts 2 & You]'''<br />
<br />
What we are learning from the Equifax breach and recent Struts 2 vulnerabilities and what you can do to step up your assessment & remediation efforts. As you may already know, the root cause of the Equifax breach was a web application security issue tied to a widely used software framework called Apache Struts 2. Teams everywhere continue to see these issues and exploit attempts from all over the world. In this session you will:<br />
* Get the inside scoop on what we know about recent events<br />
* Understand the exploits at a deeper level<br />
* Get guidance on how to structure your remediation efforts<br />
'''---September 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Scott Stender''' <br />
<br />
Scott Stender is the leader of NCC Group's Cryptography Services practice. Scott co-founded iSEC Partners and joined NCC Group when it was acquired in 2010. Prior to iSEC, Scott worked in software development and security consulting in roles at Microsoft and @stake.Scott has helped organizations around the world create secure systems, including notable projects on major operating systems, cryptographic libraries, and several of the world's most critical applications. He has led projects across the full development lifecycle and throughout the technology stack ranging from requirements to release and hypervisors to hypertext.Scott’s broad research output has advanced both the security analysis of core technologies and the process of secure software engineering. He has contributed papers and talks, on topics ranging from practical attacks against Kerberos to securing legacy technology, to a number of leading security conferences and periodicals.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Securely Deploying TLS 1.3]'''<br />
<br />
TLS 1.2 has been putting the S in HTTPS and other protocols since August of 2008. Though TLS is arguably the most successful security protocol in deployment, it has fallen prey to many attacks in the past decade. The Internet Engineering Task Force has been working to make TLS both faster and more secure, and will soon release an updated version to the world. TLS 1.3 is coming and will have a wide range of impacts for enterprises. This talk will help you prepare by providing:<br />
* An overview of major changes in TLS 1.3<br />
* An explanation of 0-RTT and how its performance improvements will impact the security of your servers and applications<br />
* A deep-dive into important configuration options and their security impacts<br />
* A guide to security monitoring in a TLS 1.3 world<br />
'''---August 23, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: Mike Milner <br />
<br />
Mike has always loved taking things apart and (usually) putting them back together. Throughout his career in business and government Mike has experienced the breadth of opportunities technology and data intelligence have created. Mike is the Co-Founder and Chief Technology Officer at IMMUNIO, where he gets to focus on building systems to keep the internet secure. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and ultimately drives breaches. This unique experience paired with his technical background helped Mike uncover what the next eneration of security software should look like in IMMUNIO. Prior to founding IMMUNIO, Mike was a lead member of the technical staff at Salesforce.com where he gained insight into the business side of web applications. He also served as a software engineer at Canonical, working on the world’s most popular free operating system, Ubuntu, following his time serving both the Canadian and UK Government.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Law & Order: Observing and Protecting Web Applications]'''<br />
<br />
In the early 90s, two great things happened: The birth of the World Wide Web, and the start ofthe Law & Order TV Series. Both have changed and evolved over time to reflect, and in somecases prompt changes in our society. Law & Order has always been a great show, because it looks at the broader spectrum of howthe law works. In much the same way, we as an industry are paying more attention to the broader field of how to protect the web from attack. It’s not just tools and technology - it’s how the tools and tech fit into a broader security process. This talk looks at how appsec has changed over the years, from the first web sites online, to how things are moving into the future. How new tools and techniques are enabling tighter collaboration between the Law & Order of application security, and enabling new workflows like CI/CD and DevSecOps.<br />
<br />
'''---July 19 2017 Verizon Digital Media Services''' <br />
<br />
<u>''Speaker:''</u> '''David Caissy''' <br />
<br />
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching web application security in colleges, conferences and for many government agencies over the last decade. <br />
<br />
<u>''Topic:''</u> '''The New and Improved OWASP Top 10'''<br />
<br />
First released in 2003, the OWASP Top 10 has since become OWASP's main flagship project. With minor updates in 2004 and 2007 followed by major releases in 2010 and 2013, the Top 10 was due for a revision in 2017 that would better reflect the current web application security risks. This new release lives up to the expectations by improving the classification of application vulnerabilities while focusing more on the lack of protections, often highlighted in vulnerability assessments and penetration tests.This presentation about the new and improved top 10 most critical web application security risks will cover all 10 items while focusing on the improvements from the previous version.<br />
<br />
'''---June 28, 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=234746Los Angeles/2017 Meetings2017-10-30T05:56:39Z<p>Emomartin.owasp: </p>
<hr />
<div>'''---December 13, 2017 Microsoft Office''' <br />
<br />
<u>''Speaker''</u>: <br />
<br />
<u>''Topic''</u>: <br />
<br />
'''---November 29, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Robert Lee''' <br />
<br />
Robert E. Lee (Twitter: @robert e lee) is a seasoned leader and solutions-driven professional with over 25 years of experience in information technology and security. He is passionate about using security to enable business, manage risk, and protect assets and privacy.Robert is affiliated with the non-profit ISECOM organization and has contributed to open source projects such as OSSTMM, Unicornscan, and Sockstress. As a Sr Technical Program Manager with Twitter (since July2016), his current focus is on security controls that can help reduce ATO and other unwanted fraud in online applications.<br />
<br />
<u>''Topic''</u>: '''Detect and Contain: Combating Account Takeover'''<br />
<br />
In your environment, do you really know Who is doing What, from Where? How confident are you in your authentication controls and anomalous behavior detection? Does your behavior monitoring solution have the right data to give you relevant actionable findings? Are you overly burdening your users in the name of security,while still leaving them unprotected? This talk will shine a light on very common identity, authentication, and link-analysis practices that inhibit us from properly detecting threats, and ultimately, containing them.It will then introduce Risk Based Authorization as a model for online authentication and authorization.<br />
<br />
'''---October 25, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: '''Mahesh Babu''' <br />
<br />
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.<br />
<br />
<u>''Topic''</u>: '''Struts 2 & You'''<br />
<br />
What we are learning from the Equifax breach and recent Struts 2 vulnerabilities and what you can do to step up your assessment & remediation efforts. As you may already know, the root cause of the Equifax breach was a web application security issue tied to a widely used software framework called Apache Struts 2. Teams everywhere continue to see these issues and exploit attempts from all over the world. In this session you will:<br />
* Get the inside scoop on what we know about recent events<br />
* Understand the exploits at a deeper level<br />
* Get guidance on how to structure your remediation efforts<br />
'''---September 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Scott Stender''' <br />
<br />
Scott Stender is the leader of NCC Group's Cryptography Services practice. Scott co-founded iSEC Partners and joined NCC Group when it was acquired in 2010. Prior to iSEC, Scott worked in software development and security consulting in roles at Microsoft and @stake.Scott has helped organizations around the world create secure systems, including notable projects on major operating systems, cryptographic libraries, and several of the world's most critical applications. He has led projects across the full development lifecycle and throughout the technology stack ranging from requirements to release and hypervisors to hypertext.Scott’s broad research output has advanced both the security analysis of core technologies and the process of secure software engineering. He has contributed papers and talks, on topics ranging from practical attacks against Kerberos to securing legacy technology, to a number of leading security conferences and periodicals.<br />
<br />
<u>''Topic''</u>: '''Securely Deploying TLS 1.3'''<br />
<br />
TLS 1.2 has been putting the S in HTTPS and other protocols since August of 2008. Though TLS is arguably the most successful security protocol in deployment, it has fallen prey to many attacks in the past decade. The Internet Engineering Task Force has been working to make TLS both faster and more secure, and will soon release an updated version to the world. TLS 1.3 is coming and will have a wide range of impacts for enterprises. This talk will help you prepare by providing:<br />
* An overview of major changes in TLS 1.3<br />
* An explanation of 0-RTT and how its performance improvements will impact the security of your servers and applications<br />
* A deep-dive into important configuration options and their security impacts<br />
* A guide to security monitoring in a TLS 1.3 world<br />
'''---August 23, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: Mike Milner <br />
<br />
Mike has always loved taking things apart and (usually) putting them back together. Throughout his career in business and government Mike has experienced the breadth of opportunities technology and data intelligence have created. Mike is the Co-Founder and Chief Technology Officer at IMMUNIO, where he gets to focus on building systems to keep the internet secure. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and ultimately drives breaches. This unique experience paired with his technical background helped Mike uncover what the next eneration of security software should look like in IMMUNIO. Prior to founding IMMUNIO, Mike was a lead member of the technical staff at Salesforce.com where he gained insight into the business side of web applications. He also served as a software engineer at Canonical, working on the world’s most popular free operating system, Ubuntu, following his time serving both the Canadian and UK Government.<br />
<br />
<u>''Topic''</u>: '''Law & Order: Observing and Protecting Web Applications'''<br />
<br />
In the early 90s, two great things happened: The birth of the World Wide Web, and the start ofthe Law & Order TV Series. Both have changed and evolved over time to reflect, and in somecases prompt changes in our society. Law & Order has always been a great show, because it looks at the broader spectrum of howthe law works. In much the same way, we as an industry are paying more attention to the broader field of how to protect the web from attack. It’s not just tools and technology - it’s how the tools and tech fit into a broader security process. This talk looks at how appsec has changed over the years, from the first web sites online, to how things are moving into the future. How new tools and techniques are enabling tighter collaboration between the Law & Order of application security, and enabling new workflows like CI/CD and DevSecOps.<br />
<br />
'''---July 19 2017 Verizon Digital Media Services''' <br />
<br />
<u>''Speaker:''</u> '''David Caissy''' <br />
<br />
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching web application security in colleges, conferences and for many government agencies over the last decade. <br />
<br />
<u>''Topic:''</u> '''The New and Improved OWASP Top 10'''<br />
<br />
First released in 2003, the OWASP Top 10 has since become OWASP's main flagship project. With minor updates in 2004 and 2007 followed by major releases in 2010 and 2013, the Top 10 was due for a revision in 2017 that would better reflect the current web application security risks. This new release lives up to the expectations by improving the classification of application vulnerabilities while focusing more on the lack of protections, often highlighted in vulnerability assessments and penetration tests.This presentation about the new and improved top 10 most critical web application security risks will cover all 10 items while focusing on the improvements from the previous version.<br />
<br />
'''---June 28, 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=234745Los Angeles/2017 Meetings2017-10-30T05:47:51Z<p>Emomartin.owasp: </p>
<hr />
<div>---December 2017 <br />
<br />
---November 2017 <br />
<br />
'''---October 25, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: '''Mahesh Babu''' <br />
<br />
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.<br />
<br />
<u>''Topic''</u>: '''Struts 2 & You'''<br />
<br />
What we are learning from the Equifax breach and recent Struts 2 vulnerabilities and what you can do to step up your assessment & remediation efforts. As you may already know, the root cause of the Equifax breach was a web application security issue tied to a widely used software framework called Apache Struts 2. Teams everywhere continue to see these issues and exploit attempts from all over the world. In this session you will:<br />
* Get the inside scoop on what we know about recent events<br />
* Understand the exploits at a deeper level<br />
* Get guidance on how to structure your remediation efforts<br />
---September 2017 <br />
<br />
'''---August 23, 2017 Riot Games''' <br />
<br />
<u>''Speaker''</u>: Mike Milner <br />
<br />
Mike has always loved taking things apart and (usually) putting them back together. Throughout his career in business and government Mike has experienced the breadth of opportunities technology and data intelligence have created. Mike is the Co-Founder and Chief Technology Officer at IMMUNIO, where he gets to focus on building systems to keep the internet secure. Between fighting cybercrime for the Canadian government and working for security agencies overseas, Mike has developed a deep understanding of the global security landscape and how the underground economy dictates hacks and ultimately drives breaches. This unique experience paired with his technical background helped Mike uncover what the next eneration of security software should look like in IMMUNIO. Prior to founding IMMUNIO, Mike was a lead member of the technical staff at Salesforce.com where he gained insight into the business side of web applications. He also served as a software engineer at Canonical, working on the world’s most popular free operating system, Ubuntu, following his time serving both the Canadian and UK Government.<br />
<br />
<u>''Topic''</u>: '''Law & Order: Observing and Protecting Web Applications'''<br />
<br />
In the early 90s, two great things happened: The birth of the World Wide Web, and the start ofthe Law & Order TV Series. Both have changed and evolved over time to reflect, and in somecases prompt changes in our society. Law & Order has always been a great show, because it looks at the broader spectrum of howthe law works. In much the same way, we as an industry are paying more attention to the broader field of how to protect the web from attack. It’s not just tools and technology - it’s how the tools and tech fit into a broader security process. This talk looks at how appsec has changed over the years, from the first web sites online, to how things are moving into the future. How new tools and techniques are enabling tighter collaboration between the Law & Order of application security, and enabling new workflows like CI/CD and DevSecOps.<br />
<br />
'''---July 19 2017 Verizon Digital Media Services''' <br />
<br />
<u>''Speaker:''</u> '''David Caissy''' <br />
<br />
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching web application security in colleges, conferences and for many government agencies over the last decade. <br />
<br />
<u>''Topic:''</u> '''The New and Improved OWASP Top 10'''<br />
<br />
First released in 2003, the OWASP Top 10 has since become OWASP's main flagship project. With minor updates in 2004 and 2007 followed by major releases in 2010 and 2013, the Top 10 was due for a revision in 2017 that would better reflect the current web application security risks. This new release lives up to the expectations by improving the classification of application vulnerabilities while focusing more on the lack of protections, often highlighted in vulnerability assessments and penetration tests.This presentation about the new and improved top 10 most critical web application security risks will cover all 10 items while focusing on the improvements from the previous version.<br />
<br />
'''---June 28, 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Securely_Deploying_TLS_1.3_Scott_Stender_2017_09.pdf&diff=234744File:OWASP LA Securely Deploying TLS 1.3 Scott Stender 2017 09.pdf2017-10-30T05:22:34Z<p>Emomartin.owasp: </p>
<hr />
<div></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_New_OWASP_Top_10_David_Caissy_2017_07.pdf&diff=234743File:OWASP LA New OWASP Top 10 David Caissy 2017 07.pdf2017-10-30T05:18:39Z<p>Emomartin.owasp: </p>
<hr />
<div></div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=234742Los Angeles/2017 Meetings2017-10-30T05:16:05Z<p>Emomartin.owasp: </p>
<hr />
<div>---December 2017, <br />
<br />
---November 2017, <br />
<br />
---October 25 2017 Riot Games <br />
<br />
<u>''Speaker''</u>: '''Mahesh Babu''' <br />
<br />
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.<br />
<br />
<u>''Topic''</u>: '''Struts 2 & You'''<br />
<br />
What we are learning from the Equifax breach and recent Struts 2 vulnerabilities and what you can do to step up your assessment & remediation efforts. As you may already know, the root cause of the Equifax breach was a web application security issue tied to a widely used software framework called Apache Struts 2. Teams everywhere continue to see these issues and exploit attempts from all over the world. In this session you will:<br />
* Get the inside scoop on what we know about recent events<br />
* Understand the exploits at a deeper level<br />
* Get guidance on how to structure your remediation efforts<br />
---September 2017, <br />
<br />
---August 2017, <br />
<br />
---July 2017, <br />
<br />
'''---June 28 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
<u>''Topic''</u>''': [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=234741Los Angeles Presentation Archive2017-10-30T05:07:40Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - Mahesh Babu: Struts 2 & You <br />
* September - Scott Stender: Securely Deploying TLS 1.3<br />
* August - Immunio CTO/CEO<br />
* July - David Caissy: The New and Improved OWASP Top 10 <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=231106Los Angeles Presentation Archive2017-06-30T06:18:17Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
*June - Panel Discussion: [[Media:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=231105Los Angeles Presentation Archive2017-06-30T06:16:39Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
*June - Panel Discussion: [[:File:OWASP LA Panel - Produce Secure Software 2017 06.pdf|What DOES it Take to Produce Secure Software]]<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=231104Los Angeles Presentation Archive2017-06-30T06:11:56Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
*June - Panel Discussion: What DOES it Take to Produce Secure Software<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Panel_-_Produce_Secure_Software_2017_06.pdf&diff=231103File:OWASP LA Panel - Produce Secure Software 2017 06.pdf2017-06-30T06:08:54Z<p>Emomartin.owasp: </p>
<hr />
<div>Monthly meeting</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=231102Los Angeles/2017 Meetings2017-06-30T06:06:42Z<p>Emomartin.owasp: </p>
<hr />
<div>---December 2017, <br />
<br />
---November 2017, <br />
<br />
---September 2017,<br />
<br />
---August 2017, <br />
<br />
---July 2017, <br />
<br />
'''---June 28 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 What DOES it Take to Produce Secure Software]'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=231101Los Angeles/2017 Meetings2017-06-30T06:04:56Z<p>Emomartin.owasp: added June monthly meeting details</p>
<hr />
<div>---December 2017, <br />
<br />
---November 2017, <br />
<br />
---September 2017,<br />
<br />
---August 2017, <br />
<br />
---July 2017, <br />
<br />
'''---June 28 2017 Riot Games''' <br />
<br />
<u>''Panel:''</u> '''Edward Bonver, Stu Schwartz, Aaron Guzman, Tony Trummer -''' moderated by '''Richard Greenberg''' <br />
<br />
'''Richard Greenberg''' is the OWASP Los Angeles Chapter Leader and the President of ISSA-Los Angeles. He has worked diligently to bring together the various Southern California IT and InfoSec organizations to enhance their collaboration efforts, to help reach new IT and InfoSec professionals. His day job is the Information Security Officer for LA County Public Health. <br />
<br />
'''Edward Bonver''' is OWASP Los Angeles chapter board member and lead, and is a co-organizer of OWASP California regional application security conferences and summits, and a frequent speaker at global security events and conferences. His security community contributions include active participation in groups like OWASP, SAFECode, (ISC)2, IEEE Center for Secure Design, and more. He CISSP and CSSLP certifications, a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. <br />
<br />
'''Stu Schwartz''' has over 20 years experience as a programmer and over 10 years as an application security practitioner. As part of the product security team, Stu worked with application teams across the company promoting application software security. His responsibilities include teaching secure coding and security testing classes, working with various security tools and coordinating external penetration tests. Stu holds certifications in CISSP & CSSLP. He is also between gigs and would be a valuable assist to your organization. <br />
<br />
'''Tony Trummer''' currently leads the Security team at '''''Tinder''''' in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA and Hack In the Box.<br />
<br />
'''Aaron Guzman''' is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. He has spoken at a number of conferences world wide which include Defcon, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on twitter at @scriptingxss<br />
<br />
'''Topic: What DOES it Take to Produce Secure Software'''<br />
<br />
In today's technologically diverse, rapidly evolving and incredibly complex world, software makers face many challenges when it comes to producing secure software offerings. Many software security tools and services vendors want to sell you their silver bullet solutions, that supposedly solve the software security problem. There are a number of security certifications out there which are meant to help you address the problem. There are many security consultants and subject matter experts who will tell you how to do it right; there are books and magazines, podcasts, webinars, security conferences, meetups, YouTube videos aimed at helping you, while confusing you even further! So as a software maker, how do you tackle this problem? Where do you begin? How do you advance? How do you make sense of it all? What DOES it take to produce secure software? This OWASP LA panel consists of people who spent their entire careers in the trenches exploring and being consistently challenged by this problem space. The panelists will share their success and failure stories, as well as philosophical views based on their individual experiences from operating in diverse environments, trying to figure out that same question: What DOES it take?<br />
<br />
'''---May 24, 2017 Verizon Digital Media Services''' <br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=230706Los Angeles/2017 Meetings2017-06-16T04:49:26Z<p>Emomartin.owasp: </p>
<hr />
<div>---December 2017, <br />
<br />
---November 2017, <br />
<br />
---September 2017,<br />
<br />
---August 2017, <br />
<br />
---July 2017, <br />
<br />
---June 2017, <br />
<br />
'''---May 24, 2017 Verizon Digital Media Services'''<br />
<br />
<u>Opening Talk</u>: Stuart Schwartz: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security in the News] <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles/2017_Meetings&diff=230705Los Angeles/2017 Meetings2017-06-16T04:47:36Z<p>Emomartin.owasp: </p>
<hr />
<div>---December 2017, <br />
<br />
---November 2017, <br />
<br />
---September 2017,<br />
<br />
---August 2017, <br />
<br />
---July 2017, <br />
<br />
---June 2017, <br />
<br />
'''---May 24, 2017 Verizon Digital Media Services'''<br />
<br />
<u>Opening Talk</u>: ''Stuart Schwartz'': Security in the News <br />
<br />
<u>''Speaker:''</u> '''Shane MacDougall''' <br />
<br />
Shane MacDougall has over 28 years experience as an information security professional, both as an attacker and a defender. His current focus in on threat intelligence, an area in which he has created, implemented, and run programs for two major Fortune 500 companies. He has lectured at security conferences internationally, and is the owner of two black badges from DEFCON. His book on social engineering is coming out this summer.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Threat Intelligence on the Cheap]'''<br />
<br />
Threat intelligence is a phrase that these days seems to be one of the buzz words de jour. Throw in IoT, big data, cloud, and Docker, and you pretty much have Infosec Yahtzee. But what is a meaningful threat intelligence program for your company? Why spend six figures for the latest TI feeds from the ultra hackers tracking down APTs, when can you roll your own for pennies on the dollar? In this presentation we’ll discuss how to define threat intelligence, how you can optimize your practice to reduce noise, what sources you can get for free (or close to free), how to automate a lot of the intelligence that you get, and perhaps most important, making that intelligence actionable. We will also discuss mistakes others, including your presenter, have made, and how to avoid these and other common pitfalls.<br />
<br />
'''---April 26, 2017 Riot Games HQ, Los Angeles''' <br />
<br />
<u>''Speaker:''</u> '''Jack Mannino'''<br />
<br />
Jack is the Chief Executive Officer at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. Jack is an active mobile and wearable security researcher and focuses on creating techniques for making both web and mobile application security scale effectively.<br />
<br />
'''Topic: [https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Security In The Land of Microservices]'''<br />
<br />
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.<br />
<br />
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.<br />
<br />
'''---March 22, 2017 Symantec Offices, Culver City''' <br />
<br />
''<u>Speaker</u>'': '''Jeff Williams''' <br />
<br />
A pioneer in application security, Jeff Williams has more than 20 years of experience in software development and security. He is the co-founder and CTO of Contrast Security, a revolutionary application security product that enhances software with the power to defend itself, check itself for vulnerabilities, and join a security command and control infrastructure. Williams is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff holds a BA from Virginia, an MA from George Mason, and a JD from Georgetown. <br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Turning Security into Code with Dynamic Binary Instrumentation]'''<br />
<br />
AppSec has a serious math problem. We’re introducing vulnerabilities faster than we can find them. And we’re finding them faster than we can fix them. With software development accelerating and 11 billion new lines of code being written in 2017, this won’t end well. Some organizations have tried using perimeter defenses rather than improving their SDLC, but they don’t know what they’re protecting. A possible improvement is to feed vulnerability information into perimeter defenses, but it’s a correlation nightmare. Fortunately, with dynamic binary instrumentation it’s possible to unify vulnerability and attack detection – providing a high-confidence method of preventing vulnerabilities from being exploited. In this talk, we’ll get under the hood of this technique and also explore how it affects the math of your application security program.<br />
<br />
'''---February 22, 2017 Symantec Offices, Culver City''' <br />
<br />
<u>''Speaker''</u>: '''Eli Mezei'''<br />
<br />
Eli is an Executive Partner at Independent Security Evaluators, where he manages analyst and client activities, including assessment work and some research initiatives. Prior to joining Independent Security Evaluators, Mr. Mezei managed risk and research operations for one of the largest commodity trading advisors in the world. Mr. Mezei is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, as well as an organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON. Mr. Mezei holds an M.S. from The Johns Hopkins University.<br />
<br />
<u>''Topic''</u>: '''[https://www.owasp.org/index.php/Los_Angeles_Presentation_Archive#2017 Hacking Healthcare]'''<br />
<br />
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/<br />
<br />
'''---January 23-25, 2017 Annenberg Community Beach House, Santa Monica'''<br />
<br />
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County and Santa Barbara chapters to bring you the third annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.<br />
A full day of training on various subjects by expert trainers kicks off the conference on the 23rd. World renown speakers follow on days two and three. <br />
https://2017.appseccalifornia.org/</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=230704Los Angeles Presentation Archive2017-06-16T04:45:33Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
*May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: [[Media:OWASP LA Security News Stuart Schwartz 2017 05.pdf|Security in the News]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=230703Los Angeles Presentation Archive2017-06-16T04:42:51Z<p>Emomartin.owasp: /* 2017 */</p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
*[[File:OWASP LA Security News Stuart Schwartz 2017 05.pdf|thumb]]May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]; Stuart Schwartz: Security in the News<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=File:OWASP_LA_Security_News_Stuart_Schwartz_2017_05.pdf&diff=230702File:OWASP LA Security News Stuart Schwartz 2017 05.pdf2017-06-16T04:39:18Z<p>Emomartin.owasp: </p>
<hr />
<div>Opening talk slide deck provided by the speaker</div>Emomartin.owasphttps://wiki.owasp.org/index.php?title=Los_Angeles_Presentation_Archive&diff=230639Los Angeles Presentation Archive2017-06-14T20:11:15Z<p>Emomartin.owasp: </p>
<hr />
<div>This page contains slides from OWASP Los Angeles Chapter Meetings:<br />
<br />
==2017==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May - Shane MacDougall: [[:Media:OWASP LA Threat Intel Shane MacDougall 2017 05.pdf|Threat Intelligence on the Cheap]]<br />
* April - Jack Mannino: Security In The Land of Microservices <br />
* March - Jeff Williams: [[Media: Jeff.Williams 2017-03 OWASP Cali Chapters.pdf | Turning Security into Code with Dynamic Binary Instrumentation]]<br />
* February - Eli Mezei: [[:Media:OWASP LA Hacking Hospitals Eli Mezei 2017 02.pdf|Hacking Healthcare]]<br />
* January - [https://2017.appseccalifornia.org Appsec California 2017]<br />
<br />
==2016==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2015==<br />
* December -<br />
* November -<br />
* October - <br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - <br />
* March - Jeff Williams: [[Media: Jeff.Williams_2015-03_OWASP_Cali_Chapters.pdf | Why Your AppSec Experts Are Killing You]]<br />
* February -<br />
* January -<br />
<br />
==2014==<br />
* December -<br />
* November -<br />
* October - Virginia Mushkatblat: [[Media:OWASP_virginia.talk.pptx | Data Privacy Emerging Technologies]]<br />
* September -<br />
* August -<br />
* July - <br />
* June -<br />
* May -<br />
* April - Jeff Williams: [[Media:2014-04OWASPSoCalContinuous1.pptx| Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security PPTX]]<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2013==<br />
* December -<br />
* November -<br />
* October -<br />
* September -<br />
* August -<br />
* July - Edward Bonver: [[Media:Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks.pdf| Security_of_Mobile_Ad_Hoc_and_Wireless_Sensor_Networks PDF]]<br />
* June -<br />
* May -<br />
* April -<br />
* March -<br />
* February -<br />
* January -<br />
<br />
==2012==<br />
* January - Robert Zigweid: Security in the Cloud<br />
<br />
<p></p><br />
==2011==<br />
<br />
* June - Brian Chess: [[Media:Gray,_the_new_black.pptx|Gray, the new Black: Gray-Box Web Vulnerability Testing pptx]]<br />
* May - Justin Collins: [[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Automated Detection of Security Flaws in Ruby on Rails Code]]<br />
* April - Bryan Sullivan: NoSQL Security<br />
* March - Liam O Murchu: STUXNET<br />
* February - Scott Sutherland: Database Security in the Real World<br />
* January - Samy Kamkar: [http://samy.pl/evercookie/ Evercookie: the Persistent Cookie]<br />
<br />
==2010==<br />
* December - Brian Robison and Sven Schrecker: Deep Dive into Web Application Scanning<br />
* November - Al Huizenga and Kyle Adams: Baking It In: Abuse-Resistant Web Applications<br />
* October - Todd Calvert: Identity Management: federation and authorization<br />
* October - Manoranjan (Mano) Paul: Sharks and Security<br />
* September - Mike O. Villegas: Secure Coding Practices and Procedures, and Threat Modeling<br />
* September - Edward Bonver: Threat Modeling at Symantec<br />
* August - Dr. Jelena Mirkovic: DETER Project: Scientific, Safe and Simple&nbsp;CyberSecurity Research<br />
* July - Samy Kamkar: How I Met Your Girlfriend: Entirely New Classes of Web Attacks<br />
* June - Brendan Bellina: Shibboleth implementation at USC<br />
* May - Neil Matatall: OWASP Top 10 and Enterprise Security API (ESAPI)<br />
* April - Mike Bailey and Mike Murray: The intersection of social and technical attacks in Web 2.0 applications<br />
* March - Michael Schrenk: BOOK PREVIEW: Webbots, Spiders, and Screen Scrapers SECOND EDITION<br />
* February - Alex Stamos: Cloud Computing Security: Raining on the Trendy New Parade<br />
* January - David M. N. Bryan: Do VLANs allow for good application security?<br />
<br />
<br />
==2009==<br />
*December - Michael Sutton: [[Media:Sutton_-_Pulling_The_Plug-Security_Risks_in_Next_Generation_Offline_Web_Apps_-_OWASP_LA_OC.pdf|Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications PDF]]<br />
*November - Brian Chess: [[Media:Watching_software_run_11.18.09.pptx| Watching Software Run pptx]]<br />
* October - Shankar Subramaniyan: [[Media:ISO27001_OWASPLA_Shankar_10212009.pdf|Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001) PDF]]<br />
* September - Marco Morana and Tony UcedaVelez: The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks<br />
* August - Matt Tesauro: OWASP Live CD Demo and Q&A<br />
* August - Pravir Chandra: The Software Assurance Maturity Model (SAMM)<br />
* July - David Bryan: Lock picks, BumpKeys, and Hackers oh my! How secure is your application?<br />
* June - Mikhael Felker: Information Warfare: Past, Present and Future<br />
* May - Jeremiah Grossman: [http://video.google.com/videoplay?docid=2875886330538461390 Top Ten Web Hacking Techniques of 2008]<br />
* April - David Campbell: [[Media:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf| XSS, Exploits and Defenses PDF]]<br />
* March - NETWORK SECURITY DINNER WITH ISSA - CISO'S Security Dashboard Panel<br />
* February - Alex Stamos: [[Media:Cloud_Computing_Security.pdf| Cloud Computing and Security PDF]]<br />
* January - Ben Walther: Building Security into the Test Organization<br />
<br />
==2008==<br />
* December - Samy Kamkar: [[Media:OWASP-WASCAppSec2007SanJose_SamyWorm.ppt| The MySpace Worm ppt]]<br />
* November - Stephan Chenette: A new web attack vector: Script Fragmentation<br />
* October - Jonathan Gershater: Entitlements Management: Security and policies for SOA using XML appliances<br />
* September - Ryan C. Barnett: The Web Hacking Incident Database (WHID) 2007 Report<br />
* August - Jeff Williams: Don't Write Your Own Security Code</div>Emomartin.owasp