
Difference between revisions of "Talk:Bay Area"

Line 2: Line 2:
 
=Next Event=
 
=Next Event=
 
==Date and Location==
 
==Date and Location==
   '''February, 21st @ 6PM - Robert Half International'''
+
   '''March 14th, 2012 @ 6PM - Astech Consulting'''
   5720 Stoneridge Dr
+
   71 Stevenson St # 1425 
   Pleasanton CA 94588
+
   San Francisco, CA 94105
  
OWASP Bay Area will host its next meeting at the Robert Half International on Thursday, February 21.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.   
+
OWASP Bay Area will host its next meeting at Astech Consulting on Wednesday, March 14, 2012.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.   
  
Special thanks to Robert Half International for hosting this event and to Cenzic for sponsoring.
+
Special thanks to Astech Consulting for hosting this event.
  
 
==Agenda==
 
==Agenda==
   6:00pm - 6:30pm ... Check-in and Reception (food & beverages)
+
  6pm - Welcome
   6:30pm - 7:15pm ... '''Your Client-Side Security Sucks. Stop Using It.''' – Kurt Grutzmacher
+
   6:10pm - John Kinsella, Rebuilding for the Cloud - How cloud
   7:15pm - 8:00pm ... '''NTLM attacks and countermeasures''' – Eric Rachner
+
      architecture can improve application security
   8:00pm - 8:30pm ... Networking Session
+
   6:55pm - Break and Job Posting Slides
 +
   7:10pm - Tin Zaw, Cucumber and friends: tools for security that matters
 +
   8pm - Another speaker TBD
  
==Speakers==
+
You must RSVP prior to attending, we need to know how many people are
'''Your Client-Side Security Sucks. Stop Using It.'''
+
coming to make sure we have the correct room sizing.
  
Presented by: Kurt Grutzmacher
+
RSVP at: http://bayareaowaspmar2012.eventbrite.com
 
 
Abstract: Browser-based security has been used for many years to 'protect' back-end systems from attack or to enhance the user experience. This should not be your only protection and can even open your application to business logic flaws that scanning tools can not detect nor report upon! This talk will show some real world examples of client-side security and the failures they introduced. Business logic flaws such as the MacWorld Expo Platinum Pass will be examined in depth.
 
 
 
Bio: Kurt Grutzmacher has been performing Penetration Testing for a "very large financial institution" for nearly a decade and recently moved to a "very large utility company" to start their internal testing program. For two years in a row he has exposed the methods required to obtain free Platinum Passes to MacWorld and is hoping they'll get it right the third time, he's tired of explaining it to them. Kurt contributes to the Metasploit project occasionally and is currently working on enhancing the project's support for NTLM in web-based attacks. He also randomly blogs at http://grutztopia.jingojango.net/ -- very randomly.
 
 
 
'''NTLM attacks and countermeasures'''
 
 
 
Presented by: Eric Rachner
 
 
 
Abstract: Eric will demonstrate the NTLM relay attack, in which an attacker accesses arbitrary web sites and file shares using the credentials of any user who can be lured into visiting the attacker's web site. Since NTLM is enabled by default as part of the Windows integrated authentication protocol suite, this attack is a potential concern in any enterprise where Windows is widely used.  Following the demonstration, we will explore the history and mechanics of the attack, as well as mitigation options.
 
 
 
Bio: Eric Rachner is a security researcher and lead consultant specializing in threat analysis, vulnerability assessment and penetrating testing of complex mission critical applications and systems.  Mr. Rachner began his career in IT at Microsoft in 1994.  As a senior member of Microsoft's Security Team, Eric led several projects including application penetration testing, code reviews, design reviews and security awareness training for internal application teams throughout Microsoft's global IT organization. In 2005, Eric became an independent security consultant and researcher providing services to large global enterprises in North America and Europe.  Away from the office Eric has many hobbies; he also participated as a core member of the hacking team that won the prestigious "Capture the Flag" contest at Def Con three years in a row.
 
 
 
==RSVP==
 
Please RSVP at http://owaspfeb2008.eventbrite.com
 
  
 
=Bay Area Chapter Leaders=
 
=Bay Area Chapter Leaders=
*[mailto:[email protected] Brian Bertacini]
+
*[mailto:mailto:cory@crazypenguin.com Cory Scott]
*Garrett Gee
+
*[mailto:Teresa-ann-stevens@comcast.net Teresa Stevens]
*[mailto:mandeep@cenzic.com Mandeep Khera]
 
*[mailto:robipapp@yahoo.com Robi Papp]
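
Review bot: In the Bay Area Chapter Leaders list, the added Cory Scott entry repeats the URI scheme (`[mailto:mailto:cory@crazypenguin.com Cory Scott]`), which yields a malformed link target; it should read `[mailto:cory@crazypenguin.com Cory Scott]`. Separately, the new agenda names talks by John Kinsella and Tin Zaw, but the revision replaces the old Speakers section with the RSVP notice and adds no abstracts or bios for them, and the 8pm slot is still "Another speaker TBD"; consider adding a Speakers section for the new talks and filling in the open slot before the announcement is circulated.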
 

Revision as of 10:01, 19 February 2012

Next Event

Date and Location

  March 14th, 2012 @ 6PM - Astech Consulting
  71 Stevenson St # 1425  
  San Francisco, CA 94105

OWASP Bay Area will host its next meeting at Astech Consulting on Wednesday, March 14, 2012. As usual, attendance is free, and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

Special thanks to Astech Consulting for hosting this event.

Agenda

  6pm - Welcome
  6:10pm - John Kinsella, Rebuilding for the Cloud - How cloud
      architecture can improve application security
  6:55pm - Break and Job Posting Slides
  7:10pm - Tin Zaw, Cucumber and friends: tools for security that matters
  8pm - Another speaker TBD

You must RSVP prior to attending; we need to know how many people are coming to make sure we have the correct room sizing.

RSVP at: http://bayareaowaspmar2012.eventbrite.com

Bay Area Chapter Leaders