https://wiki.owasp.org/api.php?action=feedcontributions&user=JonathanSinger&feedformat=atomOWASP - User contributions [en]2024-03-29T00:00:19ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Tampa&diff=256250Tampa2019-12-05T13:33:01Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer] - Co-Leader<br />
* [mailto:sunny.wear@owasp.org Sunny Wear] - Co-Leader<br />
* Nestor Torres - Chapter Coordinator<br />
* Charlie Marval - Chapter Coordinator<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
=https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Friday, December 6, 2019 <br />
<br />
Time:<br />
<br />
* 8:00am - 2:00pm <br />
<br />
Description:<br />
<br />
* OWASP Tampa Day 2019<br />
<br />
Location:<br />
* '''Wild Rover Brewery''' 13921 Lynmar Blvd Tampa, FL 33626<br />
Registration: https://owasp-tampa-day-2019.eventbrite.com<br />
<br />
AGENDA:<br />
Speakers<br />
Games<br />
Career Advice<br />
Networking<br />
<br />
DESCRIPTION: <br />
<br />
Join us for OWASP Tampa Day 2019!<br />
<br />
'''Speakers:'''<br />
<br />
'''Ryan Lindfield'''<br />
<br />
Title: Packet Stunts: Zero-to-Hero DNS Power Leveling<br />
<br />
Description: As CTO @ The Undercroft, Ryan has a passion for technical enablement, community and tradecraft. This will be a fast-paced and interactive training session with a focus on the Domain Name System. We’ll begin with a primer on standard DNS operation, validating concepts like resolution, zone transfers, record types, IPv4, IPv6, TCP, UDP, multicast and anycast. Once a solid foundation is established within the audience, we’ll move into DNS tradecraft, from reconnaissance to man-in-the-middle, authenticated DNS and various forms of encrypted DNS. Finally, we’ll look into manipulation of DNS for exfiltration and tunneling. It is a lot of information in a small amount of time, so please arrive a few minutes early & sufficiently caffeinated for best results.<br />
<br />
Bio: Ryan Lindfield has been working with network security for over 2 decades. He holds dozens of certifications and loves sharing his knowledge of offensive and defensive networking. Ryan has served as a consultant, instructor, author, and technical editor for Cisco, HP, VCE, and other vendors, providing training to civilians and military.<br />
----'''Savannah Lazzara'''<br />
<br />
Title: From Basics to Hacking the Planet<br />
<br />
Description: The talk will discuss Savannah’s journey into the cybersecurity industry as well as showing an exploit demo. Savannah will show the audience books, platforms, and influencers that have helped in her career. The exploit demo will focus on vulnerabilities in Splunk applications.<br />
<br />
Bio: Savannah Lazzara is a Penetration Testing Intern at A-LIGN. She is currently attending The University of Tampa working towards a Bachelor’s Degree of Science in Cybersecurity. She currently holds the CEH and is CISM accredited. In addition, Savannah is one of the co-founders of Root@UT, a penetration testing and CTF training club, at The University of Tampa. Savannah also co-hosts Hack The Box's monthly meetups in the Tampa Bay area.<br />
----'''BLuəf0x'''<br />
<br />
Title: Modern Cars: Privacy Issues and Countermeasures<br />
<br />
Description: Purchasing a used car and discovering someone else's information in it, including on the Bluetooth, and the countermeasures to use when you want to sell a car that has your information in it.<br />
<br />
Bio:<br />
* US Army 9 years radio technician/satcom engineer<br />
* DoD and DoS contractor in tactical radio systems and secure/non-secure phone lines and phone switches<br />
* Pasco Hernando State College Law Enforcement Academy graduate<br />
* 1st Place NoQrtr CTF HackMiami 2018<br />
* 2nd Place NoQrtr CTF HackMiami 2019<br />
* 4th Place RedAlert ICS CTF DefCon 2019<br />
* Speaker at BSides Puerto Rico 2019<br />
* Staff volunteer at Cyber Security Forum Initiative and The Diana Initiative<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
'''Wild Rover Brewery''' 13921 Lynmar Blvd Tampa, FL 33626<br />
<br />
== Presentation Archives ==<br />
<br />
2019-Q1 - Application Security in an Ever Changing Digital Landscape - Trace Hollifield - Presentation Slides [[:File:Dev Sec Ops 2019-03.pdf|here]]<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware, Major General Oleg D. Kalugin, Formerly with KGB and author of "Spymaster", John Ford- Defend Trade Secrets Act of 2016, Steve Obeck, Tanium- Security Hygiene, Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=251321Tampa2019-05-10T15:42:18Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer] - Co-Leader<br />
* [mailto:sunny.wear@owasp.org Sunny Wear] - Co-Leader<br />
* Nestor Torres - Chapter Coordinator<br />
* Charlie Marval - Chapter Coordinator<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
=https://groups.google.com/a/owasp.org/d/forum/tampa-chapter<br />
}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Thursday evening, June 27, 2019 <br />
<br />
Time:<br />
<br />
* 6:00pm - 9:00pm <br />
<br />
Description:<br />
<br />
* OWASP Tampa Chapter Q3 Meeting <br />
<br />
Location:<br />
* '''The Undercroft''' 1320 E. 9th Ave Tampa, FL 33605<br />
Registration: https://web.securityinnovation.com/owasp-tampa2019<br />
<br />
Presentation: Security Innovation's CMD+CTRL Cyber Range<br />
<br />
Sponsor: Security Innovation<br />
<br />
TOPIC: CTF <br />
<br />
DESCRIPTION: <br />
<br />
'''Security Innovation''' is proud to partner with '''OWASP Tampa''' to offer attendees a fun "find the vulnerabilities" game that shows how hackers break into websites and teaches the importance of secure coding habits. <br />
<br />
The game features CMD+CTRL [https://www.securityinnovation.com/training/cmd-ctrl-cyber-range-security-training/cyber-range-suite/cmdctrl-cyber-range-shadow-bank/ '''ShadowBank'''], a web application cyber range where players compete to find vulnerabilities, score points, and move up the leaderboard. Leveraging cheat sheets, attack tables, and expert-led training sessions, players can create fake accounts, transfer funds, buy and sell stocks, and perform other nefarious acts.<br />
<br />
'''Just bring your computer and evil inner-doer and you are ready to roll!'''<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
The Undercroft 1320 E. 9th Ave Tampa, FL 33605<br />
<br />
== Presentation Archives ==<br />
<br />
2019-Q1 - Application Security in an Ever Changing Digital Landscape - Trace Hollifield - Presentation Slides [[:File:Dev Sec Ops 2019-03.pdf|here]]<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware, Major General Oleg D. Kalugin, Formerly with KGB and author of "Spymaster", John Ford- Defend Trade Secrets Act of 2016, Steve Obeck, Tanium- Security Hygiene, Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=248618Tampa2019-03-11T18:15:30Z<p>JonathanSinger: /* Presentation Archives */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer] - Co-Leader<br />
* [mailto:sunny.wear@owasp.org Sunny Wear] - Co-Leader<br />
* Nestor Torres - Chapter Coordinator<br />
* Charlie Marval - Chapter Coordinator<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Friday, March 8, 2019 <br />
<br />
Time:<br />
<br />
* 11:30am - 1:00pm <br />
<br />
Description:<br />
<br />
* OWASP Tampa Chapter Q1 Meeting <br />
<br />
Location:<br />
* ISC2 Campus, 311 Park Place Blvd, Clearwater, FL 33759<br />
Tickets:<br />
* https://owasp-tpa-q1-2019.eventbrite.com<br />
Presentation<br />
<br />
SPEAKERS: MicroFocus: Trace Hollifield<br />
<br />
TOPIC: Securing DevOps<br />
<br />
DESCRIPTION: Vulnerabilities plague hardware, software and applications alike. With the pace of development increasing, companies continue to add risk into the production environment. Security professionals need to help the software development lifecycle reduce risk without impeding the timeline. The big question is…how? <br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
ISC2 Campus, 311 Park Place Blvd, Clearwater, FL 33759<br />
<br />
== Presentation Archives ==<br />
<br />
2019-Q1 - Application Security in an Ever Changing Digital Landscape - Trace Hollifield - Presentation Slides [[:File:Dev Sec Ops 2019-03.pdf|here]]<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:Dev_Sec_Ops_2019-03.pdf&diff=248617File:Dev Sec Ops 2019-03.pdf2019-03-11T18:15:02Z<p>JonathanSinger: </p>
<hr />
<div></div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=248616Tampa2019-03-11T18:13:16Z<p>JonathanSinger: /* Presentation Archives */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer] - Co-Leader<br />
* [mailto:sunny.wear@owasp.org Sunny Wear] - Co-Leader<br />
* Nestor Torres - Chapter Coordinator<br />
* Charlie Marval - Chapter Coordinator<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Friday, March 8, 2019 <br />
<br />
Time:<br />
<br />
* 11:30am - 1:00pm <br />
<br />
Description:<br />
<br />
* OWASP Tampa Chapter Q1 Meeting <br />
<br />
Location:<br />
* ISC2 Campus, 311 Park Place Blvd, Clearwater, FL 33759<br />
Tickets:<br />
* https://owasp-tpa-q1-2019.eventbrite.com<br />
Presentation<br />
<br />
SPEAKERS: MicroFocus: Trace Hollifield<br />
<br />
TOPIC: Securing DevOps<br />
<br />
DESCRIPTION: Vulnerabilities plague hardware, software and applications alike. With the pace of development increasing, companies continue to add risk into the production environment. Security professionals need to help the software development lifecycle reduce risk without impeding the timeline. The big question is…how? <br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
ISC2 Campus, 311 Park Place Blvd, Clearwater, FL 33759<br />
<br />
== Presentation Archives ==<br />
<br />
2019-Q1 - Application Security in an Ever Changing Digital Landscape - Trace Hollifield - Presentation Slides here<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=240226Tampa2018-04-25T14:13:18Z<p>JonathanSinger: /* Next Meeting */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Friday, May 4th, 2018<br />
<br />
Time:<br />
<br />
* 11:30am - 1:00pm<br />
<br />
Description:<br />
<br />
* OWASP Tampa Q2-2018 Meeting<br />
<br />
Tickets:<br />
<br />
* https://owasp-tampa-Q2-18.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
SPEAKERS: Phillip Maddux<br />
<br />
TOPIC: Application Security in the Modern Web<br />
<br />
We're proud to welcome Phillip Maddux (AKA Px Mx AKA foospidy) as our primary speaker. Phillip works at Signal Sciences, and will share a talk entitled "Application Security for the Modern Web":<br />
<br />
Over the last several years we’ve witnessed, and experienced, an advance towards new approaches in web technologies and the processes to deploy web applications. In this talk, we’ll explore and describe the “Modern Web”, discuss observations on the evolution of the Secure SDLC, recognize existing challenges in achieving real-time threat visibility once web applications are deployed to production, and finally, walk through the concepts that address the challenges in fast-paced “agile” development cycles.<br />
<br />
BIO:<br />
<br />
Phillip Maddux is a Trusted AppSec Advisor and Senior Solutions Engineer at Signal Sciences. He has over 10 years of experience in information security, with the majority of that time focused on application security in the financial services sector. In his spare moments he enjoys converting ideas to code and committing them to GitHub.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
Concerto Cloud Services<br />
<br />
4830 W Kennedy Blvd Suite 900<br />
<br />
Tampa, FL 33609<br />
<br />
== Presentation Archives ==<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=240225
Tampa
2018-04-25T14:12:02Z
<p>JonathanSinger: /* Meeting Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* Friday, May 4th, 2018<br />
<br />
Time:<br />
<br />
* 11:30am - 1:00pm<br />
<br />
Description:<br />
<br />
* OWASP Tampa Q2-2018 Meeting<br />
<br />
Tickets:<br />
<br />
* <nowiki>https://owasp-tampa-Q2-18.eventbrite.com</nowiki><br />
<br />
== Presentations ==<br />
<br />
SPEAKERS:<br />
<br />
TBD<br />
<br />
Topic: TBD<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
Concerto Cloud Services<br />
<br />
4830 W Kennedy Blvd Suite 900<br />
<br />
Tampa, FL 33609<br />
<br />
== Presentation Archives ==<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=234341
Tampa
2017-10-12T18:41:14Z
<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
* December 8th, 2017<br />
<br />
Time:<br />
<br />
* 11:30am - 1:00pm<br />
<br />
Description:<br />
<br />
* OWASP Tampa Q4-2017 Meeting<br />
<br />
Tickets:<br />
<br />
* COMING SOON<br />
<br />
== Presentations ==<br />
<br />
COMING SOON<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
SecureSet<br />
<br />
[https://goo.gl/maps/Nb1pmkxS9Um 1403 E 9th Ave, Tampa, FL 33605]<br />
<br />
== Presentation Archives ==<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=234340
Tampa
2017-10-12T18:40:34Z
<p>JonathanSinger: q4-2</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
<br />
Date:<br />
<br />
December 8th, 2017<br />
<br />
Time:<br />
<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
<br />
OWASP Tampa Q4-2017 Meeting<br />
<br />
Tickets:<br />
<br />
COMING SOON<br />
<br />
== Presentations ==<br />
<br />
COMING SOON<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
<br />
SecureSet<br />
<br />
[https://goo.gl/maps/Nb1pmkxS9Um 1403 E 9th Ave, Tampa, FL 33605]<br />
<br />
== Presentation Archives ==<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=234339
Tampa
2017-10-12T18:35:33Z
<p>JonathanSinger: q4</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by:<br />
We are looking for sponsors!<br />
<br />
Join the OWASP Tampa LinkedIn group [https://www.linkedin.com/groups/2897535/profile here]. <br />
<br />
Join the OWASP Tampa Facebook group [https://www.facebook.com/owasptampa/ here].<br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 8th, 2017<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
OWASP Tampa Q4-2017 Meeting<br />
<br />
Tickets:<br />
COMING SOON<br />
<br />
== Presentations ==<br />
<br />
COMING SOON<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
SecureSet<br />
1403 E 9th Ave, Tampa, FL 33605<br />
<br />
== Presentation Archives ==<br />
<br />
2016-Q4 - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware; Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"; John Ford - Defend Trade Secrets Act of 2016; Steve Obeck, Tanium - Security Hygiene; Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:United States]]<br />
[[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=File:Abacode_USF_Research_Park_EVENT_PARKING_PERMIT.pdf&diff=227548
File:Abacode USF Research Park EVENT PARKING PERMIT.pdf
2017-03-16T22:29:19Z
<p>JonathanSinger: </p>
<hr />
<div></div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=223730
Tampa
2016-11-30T00:24:35Z
<p>JonathanSinger: /* Meeting Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 2nd, 2016<br />
<br />
Time:<br />
8:30am - 5:00pm<br />
<br />
Description:<br />
Holiday Extravaganza - Joint meeting with Infragard and ISSA<br />
<br />
Tickets: https://www.eventbrite.com/e/2016-issainfragardowasp-holiday-extravaganza-tickets-29468983523<br />
<br />
== Presentations ==<br />
<br />
8:30am-9:00am - Registration, networking and breakfast<br />
<br />
9:00am-10:00am - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware<br />
<br />
10:00am-11:00am - Keynote - Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"<br />
<br />
11:00am-12:00pm - John Ford - Defend Trade Secrets Act of 2016<br />
<br />
12:00pm-1:00pm - Lunch and networking round tables to discuss 2017 topics<br />
<br />
1:00pm-2:00pm - Steve Obeck, Tanium - Security Hygiene<br />
<br />
2:00pm-3:00pm - Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
3:00pm-4:15pm - CISO Panel<br />
<br />
4:30pm-6:00pm - Happy Hour<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
Floridan Hotel<br />
<br />
905 N Florida Ave<br />
<br />
Tampa, FL 33602<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>
JonathanSinger
https://wiki.owasp.org/index.php?title=Tampa&diff=223713
Tampa
2016-11-28T22:13:00Z
<p>JonathanSinger: /* Presentations */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 2nd, 2016<br />
<br />
Time:<br />
8:30am - 5:00pm<br />
<br />
Description:<br />
Holiday Extravaganza - Joint meeting with Infragard and ISSA<br />
<br />
Tickets: https://www.eventbrite.com/e/2016-issainfragardowasp-holiday-extravaganza-tickets-29468983523<br />
<br />
== Presentations ==<br />
<br />
8:30am-9:00am - Registration, networking and breakfast<br />
<br />
9:00am-10:00am - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware<br />
<br />
10:00am-11:00am - Keynote - Major General Oleg D. Kalugin, formerly with KGB and author of "Spymaster"<br />
<br />
11:00am-12:00pm - John Ford - Defend Trade Secrets Act of 2016<br />
<br />
12:00pm-1:00pm - Lunch and networking round tables to discuss 2017 topics<br />
<br />
1:00pm-2:00pm - Steve Obeck, Tanium - Security Hygiene<br />
<br />
2:00pm-3:00pm - Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
<br />
3:00pm-4:15pm - CISO Panel<br />
<br />
4:30pm-6:00pm - Happy Hour<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ValPak<br />
<br />
Valpak Avenue North<br />
<br />
Saint Petersburg, FL 33716<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=223712Tampa2016-11-28T22:12:41Z<p>JonathanSinger: /* Presentations */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 2nd, 2016<br />
<br />
Time:<br />
8:30am - 5:00pm<br />
<br />
Description:<br />
Holiday Extravaganza - Joint meeting with Infragard and ISSA<br />
<br />
Tickets: https://www.eventbrite.com/e/2016-issainfragardowasp-holiday-extravaganza-tickets-29468983523<br />
<br />
== Presentations ==<br />
<br />
8:30am-9:00am - Registration, networking and breakfast<br />
9:00am-10:00am - Mark Villinski, Kaspersky - Unlock the Key to Repel Ransomware<br />
10:00am-11:00am - Keynote - Major General Oleg D. Kalugin, Formerly with KGB and author of "Spymaster"<br />
11:00am-12:00pm - John Ford - Defend Trade Secrets Act of 2016<br />
12:00pm-1:00pm - Lunch and networking round tables to discuss 2017 topics<br />
1:00pm-2:00pm - Steve Obeck, Tanium - Security Hygiene<br />
2:00pm-3:00pm - Jeremy Rasmussen, Cybersecurity Director of Abacode - “Incident Response and Investigations: Tales from the Trenches”<br />
3:00pm-4:15pm - CISO Panel<br />
4:30pm-6:00pm - Happy Hour<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ValPak<br />
<br />
Valpak Avenue North<br />
<br />
Saint Petersburg, FL 33716<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=223711Tampa2016-11-28T22:12:09Z<p>JonathanSinger: /* Meeting Location */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 2nd, 2016<br />
<br />
Time:<br />
8:30am - 5:00pm<br />
<br />
Description:<br />
Holiday Extravaganza - Joint meeting with Infragard and ISSA<br />
<br />
Tickets: https://www.eventbrite.com/e/2016-issainfragardowasp-holiday-extravaganza-tickets-29468983523<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore. Modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ValPak<br />
<br />
Valpak Avenue North<br />
<br />
Saint Petersburg, FL 33716<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=223710Tampa2016-11-28T22:11:39Z<p>JonathanSinger: /* Next Meeting */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
December 2nd, 2016<br />
<br />
Time:<br />
8:30am - 5:00pm<br />
<br />
Description:<br />
Holiday Extravaganza - Joint meeting with Infragard and ISSA<br />
<br />
Tickets: https://www.eventbrite.com/e/2016-issainfragardowasp-holiday-extravaganza-tickets-29468983523<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore. Modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=222177Tampa2016-10-06T14:05:28Z<p>JonathanSinger: /* Presentation Archives */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
September 30th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, September 30th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: ARCCorp<br />
<br />
http://www.arccorp.com/<br />
<br />
Tickets: https://www.eventbrite.com/e/owasp-tampa-chapter-q3-meeting-lunch-learn-tickets-26667063906<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore; modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides [https://www.owasp.org/images/4/4b/Red_Team_Operating_in_a_Modern_Environment.pdf here]<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:Red_Team_Operating_in_a_Modern_Environment.pdf&diff=222176File:Red Team Operating in a Modern Environment.pdf2016-10-06T14:04:50Z<p>JonathanSinger: </p>
<hr />
<div></div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=222175Tampa2016-10-06T14:04:26Z<p>JonathanSinger: /* Presentation Archives */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
September 30th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, September 30th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: ARCCorp<br />
<br />
http://www.arccorp.com/<br />
<br />
Tickets: https://www.eventbrite.com/e/owasp-tampa-chapter-q3-meeting-lunch-learn-tickets-26667063906<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore; modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q3 - Red Team Operating in a modern environment - Jonathan Echavarria - Presentation Slides<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=222174Tampa2016-10-06T14:01:03Z<p>JonathanSinger: /* Presentation Archives */</p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
September 30th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, September 30th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: ARCCorp<br />
<br />
http://www.arccorp.com/<br />
<br />
Tickets: https://www.eventbrite.com/e/owasp-tampa-chapter-q3-meeting-lunch-learn-tickets-26667063906<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore; modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q3 Jonathan Echavarria<br />
<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search&nbsp;: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=220883Tampa2016-08-31T14:48:20Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
September 30th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, September 30th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: ARCCorp<br />
<br />
http://www.arccorp.com/<br />
<br />
Tickets: https://www.eventbrite.com/e/owasp-tampa-chapter-q3-meeting-lunch-learn-tickets-26667063906<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore; modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [https://www.owasp.org/images/b/bd/OpenSAMM_Overview.pdf here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search&nbsp;: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:OpenSAMM_Overview.pdf&diff=220882File:OpenSAMM Overview.pdf2016-08-31T14:47:39Z<p>JonathanSinger: </p>
<hr />
<div></div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=220881Tampa2016-08-31T14:43:56Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
September 30th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, September 30th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: ARCCorp<br />
<br />
http://www.arccorp.com/<br />
<br />
Tickets: https://www.eventbrite.com/e/owasp-tampa-chapter-q3-meeting-lunch-learn-tickets-26667063906<br />
<br />
== Presentations ==<br />
<br />
Red Team Operating in a modern environment: Learning to live off of the land - Jonathan Echavarria<br />
<br />
Description: It's not 2006 anymore; modern enterprises typically have powerful and varied defenses in place, or at least that's what they want you to believe. From network protections to advanced host-based protections, you'll learn how these protections are typically deployed in an enterprise, why they aren't doing anywhere near as much as they should be, and how to see these tools from a red team perspective.<br />
<br />
Speaker Bio: Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of focus are offensive operations, malware and exploit development.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ARCCorp<br />
<br />
12470 Telecom Drive #400<br />
<br />
Temple Terrace, FL 33637<br />
<br />
== Presentation Archives ==<br />
2016-Q2 - OpenSAMM Software Assurance Maturity Model - Eoin Fitzpatrick - Presentation Slides [ here]<br />
<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search&nbsp;: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=215800Tampa2016-04-21T18:10:54Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
May 13th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, May 13th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: Princeton<br />
<br />
http://www.princetoninformation.com/<br />
<br />
Tickets: https://owasptampachapterq2.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
Eoin Fitzpatrick - OpenSAMM Software Assurance Maturity Model<br />
<br />
The managers, designers and builders of software are increasingly asked to secure the code they produce; yet they are rarely provided clear guidance on how.<br />
<br />
This presentation introduces a model (the OpenSAMM, or Open Software Assurance Maturity Model) which provides guidance in a clear organized way. It briefly introduces and illustrates the 12 activities that a development effort may adopt -- in full or in part -- to assure stakeholders and customers a level of security in the software they develop.<br />
<br />
Come ready to view the activity in and around your SDLC from a different perspective, and explore activity you may find eases the burden of working on security-focused software.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ISC(2) Clearwater<br />
<br />
311 Park Place Blvd #400<br />
<br />
Clearwater, Florida 33759<br />
<br />
== Presentation Archives ==<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=210412Tampa2016-03-03T23:07:20Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
== Next Meeting ==<br />
Date:<br />
May 13th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, May 13th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: Princeton<br />
<br />
http://www.princetoninformation.com/<br />
<br />
Tickets: https://owasptampachapterq2.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
Eoin Fitzpatrick - OpenSAMM Software Assurance Maturity Model<br />
<br />
This talk will discuss the Software Assurance Maturity Model (SAMM). OpenSAMM is a framework which helps organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ISC(2) Clearwater<br />
<br />
311 Park Place Blvd #400<br />
<br />
Clearwater, Florida 33759<br />
<br />
== Presentation Archives ==<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=210411Tampa2016-03-03T23:05:49Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
<br />
== Next Meeting ==<br />
Date:<br />
May 13th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, May 13th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: Princeton<br />
<br />
http://www.princetoninformation.com/<br />
<br />
Tickets: <s>https://owasptampachapterq2.eventbrite.com</s><br />
<br />
== Presentations ==<br />
<br />
Eoin Fitzpatrick - OpenSAMM Software Assurance Maturity Model<br />
<br />
This talk will discuss the Software Assurance Maturity Model (SAMM). OpenSAMM is a framework which helps organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ISC(2) Clearwater<br />
<br />
311 Park Place Blvd #400<br />
<br />
Clearwater, Florida 33759<br />
<br />
== Presentation Archives ==<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=210410Tampa2016-03-03T23:03:59Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
<br />
== Next Meeting ==<br />
Date:<br />
May 13th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, May 13th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
Food Sponsor: Princeton http://www.princetoninformation.com/<br />
<br />
Tickets:<br />
https://owasptampaq22016.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
Eoin Fitzpatrick - OpenSAMM Software Assurance Maturity Model<br />
<br />
This talk will discuss the Software Assurance Maturity Model (SAMM). OpenSAMM is a framework that helps organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
ISC(2) Clearwater<br />
<br />
311 Park Place Blvd #400<br />
<br />
Clearwater, Florida 33759<br />
<br />
== Presentation Archives ==<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=210357Tampa2016-03-03T14:16:37Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
<br />
== Next Meeting ==<br />
Date:<br />
February 19th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, February 19th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
The meeting will be on the first floor, conference room C, but guests will need to be escorted past the security gates. '''Please ask for Sherrill at the front desk of the lobby.'''<br />
<br />
Tickets:<br />
https://owasptampaq12016.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
PWC<br />
<br />
4040 West Boy Scout Boulevard<br />
<br />
Tampa, Florida 33607<br />
<br />
<s>Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash only parking is available across the street in the Muvico parking lot.</s><br />
<br />
== Presentation Archives ==<br />
2016-Q1 - AppSec Pipeline: Application Security in a world of Agile Development, Continuous Change and DevOps - Doug Morato - Presentation Slides [https://www.owasp.org/images/e/ef/OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf here]<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:OWASP_Tampa_-_02_19_2016_-_AppSec_Pipeline.pdf&diff=210356File:OWASP Tampa - 02 19 2016 - AppSec Pipeline.pdf2016-03-03T14:16:23Z<p>JonathanSinger: </p>
<hr />
<div></div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=207405Tampa2016-01-23T17:41:38Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
<br />
== Next Meeting ==<br />
Date:<br />
February 19th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, February 19th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
The meeting will be on the first floor, conference room C, but guests will need to be escorted past the security gates. '''Please ask for Sherrill at the front desk of the lobby.'''<br />
<br />
Tickets:<br />
https://owasptampaq12016.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
PWC<br />
<br />
4040 West Boy Scout Boulevard<br />
<br />
Tampa, Florida 33607<br />
<br />
<s>Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash only parking is available across the street in the Muvico parking lot.</s><br />
<br />
== Presentation Archives ==<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=207404Tampa2016-01-23T17:40:38Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Tampa|extra=Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* [mailto:jon.singer@owasp.org Jonathan Singer]<br />
* [mailto:brian.beaudry@owasp.org Brian Beaudry]<br />
* [mailto:sunny.wear@owasp.org Sunny Wear]<br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-tampa|emailarchives=http://lists.owasp.org/pipermail/owasp-tampa}}<br />
<br />
<br />
== Next Meeting ==<br />
Date:<br />
February 19th, 2016<br />
<br />
Time:<br />
11:30am - 1:00pm<br />
<br />
Description:<br />
Join us for a Lunch & Learn session scheduled for Friday, February 19th from 11:30am to 1:00pm! Food and a fantastic presentation will be provided. Please RSVP to reserve your spot today! Speaker details will be announced soon.<br />
<br />
The meeting will be on the first floor, conference room C, but guests will need to be escorted past the security gates. '''Please ask for Sherrill at the front desk of the lobby.'''<br />
<br />
Tickets:<br />
https://owasptampaq12016.eventbrite.com<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Location:<br />
PWC<br />
4040 West Boy Scout Boulevard<br />
Tampa, Florida 33607<br />
<br />
{{strikethrough|Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash-only parking is available across the street in the Muvico parking lot.}}<br />
<br />
== Presentation Archives ==<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=205255Tampa2015-12-15T16:00:16Z<p>JonathanSinger: </p>
<hr />
<div>== Welcome to the OWASP Tampa Local Chapter ==<br />
<br />
<br />
<br />
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* Jonathan Singer<br />
* Brian Beaudry<br />
* Sunny Wear <br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
<br />
== Next Meeting ==<br />
Our next meeting will be held in 2016. Subscribe to the above mailing list or LinkedIn group for more information.<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash-only parking is available across the street in the Muvico parking lot.<br />
<br />
== Presentation Archives ==<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [https://www.owasp.org/images/d/d3/Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:Care_%26_Feeding_of_Programmers_-Addressing_App_Sec_Gaps_with_Headers.pdf&diff=205254File:Care & Feeding of Programmers -Addressing App Sec Gaps with Headers.pdf2015-12-15T15:59:57Z<p>JonathanSinger: OWASP TAMPA Q42015</p>
<hr />
<div>OWASP TAMPA Q42015</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=205253Tampa2015-12-15T15:58:38Z<p>JonathanSinger: </p>
<hr />
<div>== Welcome to the OWASP Tampa Local Chapter ==<br />
<br />
<br />
<br />
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* Jonathan Singer<br />
* Brian Beaudry<br />
* Sunny Wear <br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
<br />
== Next Meeting ==<br />
Our next meeting will be held in 2016. Subscribe to the above mailing list or LinkedIn group for more information.<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash-only parking is available across the street in the Muvico parking lot.<br />
<br />
== Presentation Archives ==<br />
<br />
2015-Q4 - Care & Feeding of Programmers-Addressing App Sec Gaps with Headers - Sunny Wear - Presentation Slides [ here]<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Tampa&diff=205252Tampa2015-12-15T15:53:50Z<p>JonathanSinger: </p>
<hr />
<div>== Welcome to the OWASP Tampa Local Chapter ==<br />
<br />
<br />
<br />
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics. <br />
<br />
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa <br />
<br />
If you have any questions about the Tampa chapter, please send an email to the chapter leaders via the above mailing list:<br />
* Jonathan Singer<br />
* Brian Beaudry<br />
* Sunny Wear <br />
<br />
The Tampa chapter is sponsored by [http://www.guidepointsecurity.com GuidePoint Security] and [http://isc2.org ISC2].<br />
<br />
Join the OWASP Tampa LinkedIn group [http://www.linkedin.com/groups?about=&gid=2897535&trk=anet_ug_grppro here]. <br />
<br />
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.<br />
<br />
== Next Meeting ==<br />
Our next meeting will be held in 2016. Subscribe to the above mailing list or LinkedIn group for more information.<br />
<br />
== Presentations ==<br />
<br />
TBD.<br />
<br />
== Meeting Location ==<br />
<br />
Our next meeting will be held at the [http://www.guidepointsecurity.com/contact-us/#St._Petersburg GuidePoint Security] office in Downtown Saint Petersburg. The address is:<br />
<br />
[https://maps.google.com/maps?q=146+2nd+Street+North+Suite+106+Saint+Petersburg,+FL+33701&ie=UTF8&hq=&hnear=146+2nd+St+N+%23206,+St+Petersburg,+Florida+33701&gl=us&t=m&z=14&ll=27.773124,-82.635867&source=embed 146 2nd Street North, Suite 106, Saint Petersburg, FL 33701]<br />
<br />
Cash-only parking is available across the street in the Muvico parking lot.<br />
<br />
== Presentation Archives ==<br />
<br />
2015-Q4 - Secure Session Management - Brian Beaudry - Presentation Slides [http://www.slideshare.net/gpsec/secure-session-management here]<br />
<br />
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides [https://www.owasp.org/images/b/b8/OTD_2014_-_Shadow-IT-Shady-FINAL.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides [https://www.owasp.org/images/0/06/OTD_2014_-_OMF_GPS.pdf here]<br />
<br />
OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides [https://www.owasp.org/images/c/cb/OTD_2014_-_OWASPTop10forMVC.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides [https://www.owasp.org/images/4/42/OTD_2014_-_owasp-mobile.pdf here]<br />
<br />
OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides [https://www.owasp.org/images/0/05/InternDown4What_edit.pdf here]<br />
<br />
2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides [https://www.owasp.org/images/3/34/Do_we_really_know_the_OWASP_Top_10.pdf here]<br />
<br />
2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides [https://www.owasp.org/images/f/fc/Herding_Cats_-_OWASP%2C_Tampa_3-12-2014.pdf here]<br />
<br />
2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides [https://www.owasp.org/images/c/c2/TheEnemyWithin.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides [https://www.owasp.org/images/b/b7/Securing_your_Applications_%26_Data_With_Web_Application_Firewalls.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides [https://www.owasp.org/images/e/e2/Bring_Your_Own_Service.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides [https://www.owasp.org/images/4/47/Design_considerations_and_Guiding_Principles_for_Implementing_Cloud_Security.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides [https://www.owasp.org/images/e/e5/Let%E2%80%99s_Get_Right_To_The_Endpoint.pdf here]<br />
<br />
OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides [https://www.owasp.org/images/2/2f/Vulnerability_Management_That_Works.pdf here]<br />
<br />
2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides [https://www.owasp.org/images/1/10/Taming_the_B.E.A.S.T..pdf here]<br />
<br />
OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides [https://www.owasp.org/images/0/04/OWASP_Changing_the_Game_-_Jason_Kent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides [https://www.owasp.org/images/a/a4/Zenprise_Technical_Presentation_-_Keith_Katz.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides [https://www.owasp.org/images/7/78/Federated_Identities_in_the_Real_World_-_Nathan_Sargent.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/8/8a/Define_and_Optimize_Your_Approach_to_Application_Security_-_Bruce_Jenkins.pdf here]<br />
<br />
OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides [https://www.owasp.org/images/a/a1/Anonymous_-_Lessons_Learned_-_Bill_Church.pdf here]<br />
<br />
2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides [https://www.owasp.org/index.php/File:DBN-OWASP_Presentation.pdf here]<br />
<br />
2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides [https://www.owasp.org/images/8/86/HowNotToBuildAndroidApps2.pdf here]<br />
<br />
2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides [http://www.slideshare.net/mascasa/behind-enemy-lines-practical-triage-approaches-to-mobile-security-abroad here] <br />
<br />
2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides [https://www.owasp.org/images/2/28/Hiding_in_Plain_Sight.pdf here] <br />
<br />
2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides [https://www.owasp.org/images/6/67/PCI_Compliance_9_2011.pdf here] <br />
<br />
OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides [https://www.owasp.org/images/f/f7/OTD2011-TH.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides [https://www.owasp.org/images/a/aa/OTD2011-RR.pdf here] <br />
<br />
OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides [https://www.owasp.org/images/1/12/OTD2011-BJ.pdf here] <br />
<br />
OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides [https://www.owasp.org/images/8/8c/OTD2011-SK.pdf here] <br />
<br />
2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides [http://www.owasp.org/images/3/3b/TampaOWASP_March2011.pdf here] <br />
<br />
2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides [http://www.owasp.org/images/a/ae/Intel_pen_owasp_Q1_2011.pdf here] <br />
<br />
2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides [http://www.owasp.org/images/f/fa/Vulnerability_Scanning_in_an_IPv6_World.pdf here] <br />
<br />
2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides [http://www.scribd.com/doc/41173753/Nessus-Bridge-for-Metasploit here] <br />
<br />
2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides [http://www.fyrmassociates.com/pdfs/Stealing_Guests_The_VMware_Way-ShmooCon2010.pdf here] <br />
<br />
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides [http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf here] <br />
<br />
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides [http://www.owasp.org/images/d/df/HackingTheSmartGrid-OWASP_Tampa.pdf here] <br />
<br />
2009-Q2 - Open SAMM - Zate Berg - Presentation slides [https://www.owasp.org/images/c/c3/Software_Assurance_Maturity_Model.pdf here] <br />
<br />
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides [https://www.owasp.org/images/b/bb/BlackHat-DC-09-Flick-XAB_Slides.pdf here] <br />
<br />
2008-Q4 - Google Code Search: The pitfalls of Copy/Paste - Tony Flick - Presentation slides [https://www.owasp.org/images/5/5b/GoogleCodeSearch.pdf here] <br />
<br />
[[Category:OWASP_Chapter]] [[Category:Florida]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=185008Orlando2014-11-09T16:12:41Z<p>JonathanSinger: /* OWASP Orlando Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus.<br><br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
'''Technological Telekinesis: Become One with the Force (aka Art, Gadgets and Tech) - Nathan Selikoff'''<br><br />
Witness how objects and digital worlds can be manipulated without any direct contact. You never see a Jedi with a keyboard or a touchscreen, do you? Why be tethered when you can freely express yourself? With a low-cost input device, a laptop, and a bit of programming know-how, you can capture a flick of the wrist or an all out dance routine. What you do from there is only limited by your imagination. Kinect yourself and Leap into the future! Nathan Selikoff is an artist and programmer who plays with interactivity and motion in time and space. Inspired by the behavior of systems, science, nature, and music, he combines computer code, traditional materials, and future technology to bring new ideas to life.<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF[[File:ORLMAP.png|right]]<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Technological Telekinesis - Nathan Selikoff<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy [https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality APIs from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change of pace. Due to chapter demand for more hands-on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace, who have graciously allowed us to use their space. UCF Medical College, while a great facility, was a bit far for some folks to drive, so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at DEFCON 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=File:ORLMAP.png&diff=185007File:ORLMAP.png2014-11-09T16:10:46Z<p>JonathanSinger: </p>
<hr />
<div></div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=185006Orlando2014-11-09T15:59:58Z<p>JonathanSinger: /* OWASP Orlando Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus.<br><br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
'''Technological Telekinesis: Become One with the Force (aka Art, Gadgets and Tech) - Nathan Selikoff'''<br><br />
Witness how objects and digital worlds can be manipulated without any direct contact. You never see a Jedi with a keyboard or a touchscreen, do you? Why be tethered when you can freely express yourself? With a low-cost input device, a laptop, and a bit of programming know-how, you can capture a flick of the wrist or an all out dance routine. What you do from there is only limited by your imagination. Kinect yourself and Leap into the future! Nathan Selikoff is an artist and programmer who plays with interactivity and motion in time and space. Inspired by the behavior of systems, science, nature, and music, he combines computer code, traditional materials, and future technology to bring new ideas to life.<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Technological Telekinesis - Nathan Selikoff<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy [https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality APIs from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change of pace. Due to chapter demand for more hands-on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace who have graciously allowed us to use their space. UCF Medical College, while a great facility was a bit far for some folks to drive so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=185005Orlando2014-11-09T15:59:02Z<p>JonathanSinger: /* OWASP Orlando Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
'''Technological Telekinesis: Become One with the Force (aka Art, Gadgets and Tech) - Nathan Selikoff'''<br><br />
Witness how objects and digital worlds can be manipulated without any direct contact. You never see a Jedi with a keyboard or a touchscreen, do you? Why be tethered when you can freely express yourself? With a low-cost input device, a laptop, and a bit of programming know-how, you can capture a flick of the wrist or an all out dance routine. What you do from there is only limited by your imagination. Kinect yourself and Leap into the future!<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Technological Telekinesis - Nathan Selikoff<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality API's from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turn out is much greater than anticipated, or folks want to stay later we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate account for who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change in pace. Due to chapter demand for more hands on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace who have graciously allowed us to use their space. UCF Medical College, while a great facility was a bit far for some folks to drive so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=185004Orlando2014-11-09T15:58:06Z<p>JonathanSinger: /* Schedule */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well-known security analysts have is a blog where they reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all, but you can't show your own skills off. Enter Jekyll: a blog written from scratch where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using Jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
'''Technological Telekinesis: Become One with the Force (aka Art, Gadgets and Tech) - Nathan Selikoff'''<br><br />
Witness how objects and digital worlds can be manipulated without any direct contact. You never see a Jedi with a keyboard or a touchscreen, do you? Why be tethered when you can freely express yourself? With a low-cost input device, a laptop, and a bit of programming know-how, you can capture a flick of the wrist or an all out dance routine. What you do from there is only limited by your imagination. Kinect yourself and Leap into the future!<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Technological Telekinesis - Nathan Selikoff<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality API's from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change in pace. Due to chapter demand for more hands on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace who have graciously allowed us to use their space. UCF Medical College, while a great facility was a bit far for some folks to drive so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poscobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=185003Orlando2014-11-09T15:57:48Z<p>JonathanSinger: /* Guest Speakers */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well-known security analysts have is a blog where they reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all, but you can't show your own skills off. Enter Jekyll: a blog written from scratch where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using Jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
'''Technological Telekinesis: Become One with the Force (aka Art, Gadgets and Tech) - Nathan Selikoff'''<br><br />
Witness how objects and digital worlds can be manipulated without any direct contact. You never see a Jedi with a keyboard or a touchscreen, do you? Why be tethered when you can freely express yourself? With a low-cost input device, a laptop, and a bit of programming know-how, you can capture a flick of the wrist or an all out dance routine. What you do from there is only limited by your imagination. Kinect yourself and Leap into the future!<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Pending Second Speaker<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality API's from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change in pace. Due to chapter demand for more hands on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace who have graciously allowed us to use their space. UCF Medical College, while a great facility was a bit far for some folks to drive so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=184703Orlando2014-11-04T19:33:41Z<p>JonathanSinger: /* OWASP Orlando Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://owasp-orlando.eventbrite.com and check out the community at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec. Location Provided by University of Central Florida.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Pending Second Speaker<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality API's from various languages and frameworks that provide production quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate account for who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change in pace. Due to chapter demand for more hands on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace who have graciously allowed us to use their space. UCF Medical College, while a great facility was a bit far for some folks to drive so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at DEFCON 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=183632Orlando2014-10-14T20:18:06Z<p>JonathanSinger: /* Schedule */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 Blog like a hacker - Vikram Dhillon<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Pending Second Speaker<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production-quality APIs from various languages and frameworks that provide production-quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event. If you are interested, please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change of pace. Due to chapter demand for more hands-on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace, who have graciously allowed us to use their space. UCF Medical College, while a great facility, was a bit far for some folks to drive, so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at DEFCON 19 last year that will be integrated into the OWASP Testing Guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.<br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu<br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=183631Orlando2014-10-14T20:16:48Z<p>JonathanSinger: /* OWASP Orlando Chapter Meetings */</p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec.<br />
<br />
=== Guest Speakers ===<br />
'''Blog like a hacker - Vikram Dhillon'''<br><br />
People just entering information security have a tough path ahead to become established and well-known. One major tool that almost all well-known security analysts have is a blog where they all reach out to their audience. Getting a blog on a popular CMS platform is easy and of course great and all but you can't show your own skills off. Enter Jekyll. A blog written from scratch up where you can show off your own development skills. Most developers are using their own styling along with various plugins combined in this Ruby-based tool to show off how they can blog like a hacker. This session will be a walkthrough of how to blog using Jekyll. I will showcase what the finished project looks like, how to get started with one, the structure of the app and finally how to extend the blog you've created with your own imagination.<br />
<br />
=== Schedule ===<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 First Speaker<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Second Speaker<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
=== Location Details ===<br />
UCF Teaching Academy[https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
=== Parking Details ===<br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production-quality APIs from various languages and frameworks that provide production-quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate count of who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event. If you are interested, please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change of pace. Due to chapter demand for more hands-on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace, who have graciously allowed us to use their space. UCF Medical College, while a great facility, was a bit far for some folks to drive, so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at DEFCON 19 last year that will be integrated into the OWASP Testing Guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.<br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSingerhttps://wiki.owasp.org/index.php?title=Orlando&diff=183588Orlando2014-10-13T13:48:05Z<p>JonathanSinger: </p>
<hr />
<div>{{Chapter Template|chaptername=Orlando|extra=The chapter was founded in August 2011 by Tony Turner and is currently led by [mailto:tony.turner@owasp.org Tony Turner] and [mailto:jon.singer@owasp.org Jon Singer].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-orlando|emailarchives=http://lists.owasp.org/pipermail/owasp-orlando}}<br />
<br />
== Meeting Registration == <br />
<br />
Please register for our meetings at http://www.meetup.com/OWASP-Orlando<br />
<br />
== OWASP Orlando Chapter Meetings ==<br />
<br />
'''Q4 2014 Meeting November 12'''<br />
<br />
We will be holding our Q4 meeting on Wednesday, November 12th at The University of Central Florida, main campus. We are currently looking for speakers.<br />
<br />
There is NO cost to attend. Refreshments and snacks are provided by HeroiSec.<br />
<br />
6:00PM - 6:15 Arrive at UCF<br />
<br />
6:15 - 7:00 First Speaker<br />
<br />
7:00 - 7:10 Short break for refreshments and questions<br />
<br />
7:10 - 7:55 Second Speaker<br />
<br />
7:55 - 8:00 Questions and closing remarks<br />
<br />
8:00 - ? World of Beer social gathering (21+)<br />
<br />
Location Details:<br><br />
UCF Teaching Academy [https://www.google.com/maps/place/Teaching+Academy]<br><br />
Room 117<br><br />
4221 Andromeda Loop N<br><br />
Orlando, FL 32816<br />
<br />
Parking Details:<br><br />
Garage A<br><br />
University Blvd.<br />
<br />
== Meeting History ==<br />
<br />
'''Q2 2014 May 12 Secure Coding Training'''<br />
<br />
We will be holding a midday 4 hour training on secure application development led by Jim Manico. This workshop is an abridged version of the following course:<br />
<br />
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.<br />
<br />
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production-quality APIs from various languages and frameworks that provide production-quality and scalable security controls.<br />
<br />
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.<br />
<br />
Jim Manico is a member of the OWASP Board and currently manages many OWASP projects including the cheatsheet series. He also runs Manicode Security where he specializes in application security training.<br />
<br />
Training location<br />
IST Partnership 2<br />
2nd Floor Room 208<br />
3100 Technology Parkway<br />
Orlando, FL 32826<br />
<br />
The parking lot will (most likely) be full <br />
<br />
You can also park across the street at:<br />
College of Nursing Address:<br />
12201 Research Parkway,<br />
Orlando, FL 32826<br />
<br />
----<br />
<br />
'''Q4 2013 October 30 Meeting'''<br />
<br />
OWASP Orlando is holding a social event for Q3/4 with complimentary wings and beer at Buffalo Wild Wings. We'd like to welcome you out to talk about web app security, upcoming events, Central FL infosec and other topics of note. There is no formal agenda, just show up, eat food, drink beer and hang out! We do have a limited budget for this event and expect we should have enough for the first couple hours, but if turnout is much greater than anticipated, or folks want to stay later, we may have to switch to a non-free model at some point in the evening. Please register for this event so we can get an accurate account for who will be coming and an idea of cost.<br />
<br />
Topics of interest:<br />
<br />
• AppSecUSA conference in NYC (Nov 17-21)<br />
<br />
• B-Sides Orlando conference (April 5-6)<br />
<br />
• Chapter Outreach Opportunities (We recently presented for ISACA)<br />
<br />
• Other CFL Infosec groups (Some new groups, some old. We want to work with you!)<br />
<br />
• Cool projects you are working on<br />
<br />
• Beer<br />
<br />
There is NO cost to attend, but if you are interested in donating or joining the chapter please contact me at tony.turner@owasp.org<br />
<br />
We do not currently have sponsorship for this event, if you are interested please do not hesitate to contact us.<br />
<br />
http://goo.gl/N5TRrw<br />
<br />
----<br />
<br />
'''Q2 2013 Meeting June 26'''<br />
<br />
Our Q2 meeting for 2013 will be a bit of a change in pace. Due to chapter demand for more hands-on content, we are holding a Web App Hacking Workshop. You will need to bring a laptop with VMware Workstation or Player (free) installed. We will provide the VM. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "Web App Hacking Workshop with Mutillidae" Facilitated by Tony Turner<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q1 2013 Meeting February 13'''<br />
<br />
We are kicking off Q1 of 2013 by going back to the basics. Chapter leadership will be delivering coverage of the OWASP Top 10, with examples and ways you can help reduce your exposure. As always we will have our AppSec Trivia Contest and we have some OWASP hardcopy books for Testing Guide, Code Review Guide and Top 10 to give away as prizes.<br />
<br />
We have also changed our venue to Cloudspace, who have graciously allowed us to use their space. UCF Medical College, while a great facility, was a bit far for some folks to drive, so we hope this will work out better for everyone.<br />
<br />
6:15 - 6:30 Arrive at Cloudspace (see below)<br />
<br />
6:30 - 6:45 Welcome and Opening Remarks<br />
<br />
6:45 - 8:00 "OWASP Top 10" - Tony Turner and William Riggins<br />
<br />
8:00 - ? After event social gathering - Location TBD<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
Cloudspace (near UCF Main campus)<br />
11551 University Blvd Suite 2<br />
Orlando, FL 32817<br />
http://goo.gl/45l1b<br />
<br />
----<br />
<br />
'''Q3 2012 Meeting September 12'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "An Insider's Look: WAF and Identity and Access Management Integration" - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can successfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.<br />
<br />
In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at DEFCON 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques. <br />
<br />
*Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.<br />
<br />
Twitter: @secureideas<br />
<br />
We do not currently have a sponsor for this event but refreshments will be provided. If you are interested in sponsoring please contact tony.turner@owasp.org<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q2 2012 Meeting May 15'''<br />
<br />
The theme for Q2 is Mobile Security<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "Practical Android Security" - Jack Mannino<br />
:Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "Application Firewalling in the Age of Mobile: New Considerations" - Stephen Mak<br />
:With mobile application development on a rapid rise, it is important to understand the security risks associated with externally published APIs. This talk will discuss the similarities and differences of risks posed by browser-based web applications and mobile applications.<br />
<br />
*Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education. <br />
*Stephen Mak is the Product Manager for the Layer 7 SecureSpan Gateway, and has over 10 years product management experience in the enterprise application software industry. <br />
<br />
Refreshments will be provided at the event and have been donated by Fishnet Security.<br />
<br />
University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.<br />
<br />
----<br />
<br />
'''Q1 2012 Meeting February 22'''<br />
<br />
5:45 - 6:00 Arrive<br />
<br />
6:00 - 6:15 Welcome and Opening Remarks / Appsec Trivia<br />
<br />
6:15 - 7:00 "OWASP Where are we... Where are we going in 2012" - Tom Brennan<br />
<br />
7:00 - 7:15 Break<br />
<br />
7:15 - 8:00 "XSS Defense" - Jim Manico<br />
:This talk will discuss the past methods used for cross-site scripting (XSS) defense that were only partially effective. Learning from these lessons, we will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.<br />
<br />
8:00 - ? After event social gathering - Cariera's<br />
<br />
*Tom Brennan is a Director at Spiderlabs/Trustwave, an OWASP Global Board Member and Chapter Leader for OWASP NY/NJ Metro. <br />
*Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. <br />
<br />
Refreshments donated by Security Innovation.<br />
<br />
University of Central Florida provided meeting space at the Medical College campus. <br />
<br />
----<br />
<br />
Inaugural Meeting October 19, 2011 6:30 PM at Seasons 52<br />
<br />
We will be holding our first meeting on October 19 for an informal gathering of those interested in the OWASP mission. This is a chance to get to know the other members of the chapter and engage in the initial dialogue that will drive the direction of the group. We want to know what kinds of technologies you use or are interested in learning about, the challenges you are facing in your daily work and get a sense for the types of content you want to see at future meetings. I will bring some copies of various OWASP guides and possibly some other OWASP shwag to this initial meeting. We will be covering the OWASP mission, culture, and a high level view of OWASP projects. The format for this meeting will largely be discussion oriented. This is not currently a sponsored event, but we do have interested parties asking about sponsorship opportunities so this may change.<br />
<br />
== Presentation Archive ==<br />
<br />
[https://www.owasp.org/images/e/e8/XSS_Past_Present_and_Future_v2.pptx XSS Past Present and Future v2] - Jim Manico Orlando Q1 2012<br />
<br />
[https://www.owasp.org/images/c/ce/Access_Control_Pitfalls_v1.1.pptx Access Control Pitfalls] - Jim Manico Orlando Q1 2012 (Optional 2nd talk not delivered at chapter meeting)<br />
<br />
[https://www.owasp.org/images/6/60/2012Whereweare..Wherearewegoing.pptx OWASP Where are we... Where are we going in 2012] - Tom Brennan Orlando Q1 2012<br />
<br />
[https://owasp.org/images/7/7f/OWASP_Orlando_20120515_App_Fw_age_of_mobile.pdf Application Firewalling in the Age of Mobile: New Considerations] - Stephen Mak Orlando Q2 2012<br />
<br />
Practical Android Security - Jack Mannino Orlando Q2 2012<br />
<br />
[https://owasp.org/images/2/2e/Orlando_OWASP_-_RealWorldWebServiceTesting.pptx Don't Drop the Soap: Real World Web Service Testing for Web Hackers] - Kevin Johnson Orlando Q3 2012<br />
<br />
[https://owasp.org/images/e/ee/Orlando_OWASP_WAF_and_IAM_Integration_92012_v2.pptx Web Application Firewalls and Identity and Access Management Integration] - Jan Poczobutt Orlando Q3 2012<br />
<br />
[https://www.owasp.org/images/3/3f/OWASP_Top_10_-_Deep_Dive_-_Code.pptx OWASP Top 10 with Code Examples] - Slides by Bill Riggins, Co-Presented with Tony Turner Orlando Q1 2013<br />
<br />
== Chapter Information ==<br />
<br />
OWASP Orlando is newly formed as of August 2011. The first meeting was held on October 19, 2011 and was designed largely as a social event to bring new members together. After this initial informal meeting we are continuing with quarterly meetings focused on content that attendees can apply within their own environments for minimal or no cost to their organizations. We do not tolerate vendor-centric presentations but do encourage vendors to present as long as they can keep their marketing attempts to a minimum and focus on the underlying issues and technology. Typically we have 2 speakers with topics designed to meet the needs of the Builder, Breaker and Defender communities. As of April 2012 we have continued to meet this commitment. Keep watching this space for announcements about upcoming events. If you are interested in being a speaker or taking a more active leadership role within the chapter, please contact the chapter leaders at the link above. Everyone is welcome to join us at our chapter meetings. We track membership based on participation at the mailing list linked on this page and this will be the primary means of communication for the chapter. We also have a LinkedIn group at http://goo.gl/BB9fu <br />
<br />
== Supporters ==<br />
<br />
;[https://www.owasp.org/index.php/Membership For information on becoming a supporter and associated benefits]<br />
<br />
'''Organizational Supporters'''<br />
<br />
[[Image:symantec1.jpg|link=http://www.symantec.com/|Symantec Corporation - 2012]]<br />
<br />
----<br />
<br />
'''Chapter Supporters'''<br />
<br />
[[Image:cloudspace_logo.png|link=http://cloudspace.com/|Cloudspace Venue Sponsor - OWASP Orlando 2013]]<br />
<br />
----<br />
<br />
'''Single Meeting Supporters'''<br />
<br />
[[Image:Securityinnovation.png|link=http://www.securityinnovation.com/|Security Innovation - OWASP Orlando Q1 2012]]<br />
[[Image:Fishnetlogo.png|link=http://www.fishnetsecurity.com/|Fishnet Security - OWASP Orlando Q2 2012]]<br />
<br />
----<br />
<br />
'''Academic Supporters'''<br />
<br />
[[Image:Ucf_medcollege.png|link=http://med.ucf.edu/|UCF College of Medicine - OWASP Orlando Q1-Q2 2012]]<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Florida]]<br />
[[Category:Orlando]]<br />
[[Category:OWASP_Chapter]]</div>JonathanSinger