
Difference between revisions of "Dallas"

Line 28: Line 28:
 
=== Announcements  ===
 
=== Announcements  ===
  
== September Meeting ==
+
== February Meeting ==
 
   
 
   
  
'''When:''' Monday, September 19, 2016 - 5:30 PM
+
'''When:''' Tuesday, February 21, 2017 - 6:00 PM
  
 +
'''Topic: ''' Secure Architecture In The Land of Microservices
  
'''Topic: ''' Web Attacker’s Toolkit: An in depth analysis of RFI in the wild
+
Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices require careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.
  
Remote File Inclusion attacks (RFI) have always been a popular method for gaining access to a vulnerable web server over the years. Based on Akamai's recent observations of Internet traffic, and an increase of RFI attacks by over 89% from last quarter, we'll be taking a look at some of the new techniques being used, new distribution locations, and obfuscation and evasion attempts that aim to bypass Web Application Firewalls to execute successfully.
+
In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.
  
 +
//stuff
  
'''Who:''' Tony Lauro is a Lead Sr. Enterprise Security Architect for Akamai's Web Security division.
+
In this presentation, we explore using the following microservice concepts and patterns:
  
Tony works with Akamai customers across many industry verticals but specializes in addressing web security threats.  He'll share some "war stories" from a diverse client base and demonstrate real world scenarios facing today's modern businesses.
+
API Gateway
  
 +
• Routing
  
'''Where:'''  Akamai - 15950 Dallas Parkway, Dallas, TX
+
• Service discovery
  
The Conference Center for Tollway Plaza is located on the western side of the South Tower lobby, directly across from suite 100 (Stewart Title North Texas)
+
• Authentication
  
 +
• Authorization
  
http://meetu.ps/2ZnTSY
+
• Patterns like CQRS
  
The meeting food & drinks will be sponsored by Akamai.
+
• https://github.com/uber/hyperbahn
  
  
IMPORTANT Meeting Notes:
+
'''Who:''' Jack is the CEO at nVisium and focuses on building solutions to make security and education scale in fast-paced software development organizations.
  
The Akamai office is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.
+
He has worked with large software development teams around to guide secure software from conceptualization to production. Jack is a huge open source fan and regularly contributes to a wide variety of projects, and previously created the OWASP Mobile Security Project. In his spare time, he enjoys digging into new frameworks and writes most of his (good) code in Scala. He has spoken at most of the other major conferences people generally list in their bios, and usually finds writing about himself harder than it is for most people.
  
 +
'''Where:''' 8000 Dominion Pkwy, Plano, TX - Capital One
  
== October Meeting ==
+
http://meetu.ps/35WYRw
 
   
 
   
  
'''When:''' Monday, October 17, 2016 - 5:30 PM
+
IMPORTANT Meeting Notes:
 +
  
 +
Follow OWASP signs to lobby and sign in.
  
'''Topic: ''' NoSQL: "No Injections" or "No Security"?
+
The location is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.  Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.
  
Over the last few years JavaScript has crept out of the browsers to infect our server code (Node.JS) and our databases (NoSQL). MongoDB is one of the most popular NoSQL databases and is often deployed in the MEAN stack (Mongo/Express/Angular/Node). First we’ll look at the (in)security of standard MongoDB deployments seen in the wild. Second, we’ll see how MEAN application developers often misuse the APIs, leaving their documents and servers vulnerable to attack. Finally, we’ll review existing tools for NoSQL vulnerability discovery and exploitation.
+
The meeting food & drinks will be sponsored by Capital One.
  
 +
  
'''Who:''' Stark Riedesel is a Security Consultant for Cigital, an industry leader in application security.
+
=== Previous Meetings  ===
 
 
Stark graduated from SMU’s Lyle Engineering School with a Masters in Computer Science in 2014. He has been involved with numerous application and network penetration tests since. Recently, Stark has been involved with security research related to AngularJS, NodeJS, and MongoDB.
 
 
 
  
'''Where:'''  Akamai - 15950 Dallas Parkway, Dallas, TX
 
  
The Conference Center for Tollway Plaza is located on the western side of the South Tower lobby, directly across from suite 100 (Stewart Title North Texas)
+
== January Meeting ==
 +
'''When:''' January 17 - 6:00 PM
  
 +
'''Topic: ''' Helping Developers Embrace Security with OWASP Tools
  
http://meetu.ps/2ZHdpW
+
'''Who:''' Joseph Konieczka is a Lead Technology Solutions Specialist on the Remedy on Demand infrastructure team at BMC Software.  
 
 
The meeting food & drinks will be sponsored by Akamai.
 
 
 
 
 
IMPORTANT Meeting Notes:
 
 
 
The Akamai office is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.
 
 
 
  
 +
'''Where:''' 6011 Connection Drive, Irving, TX 75039, Dallas, TX - Goldman Sachs
  
 
== November Meeting ==
 
== November Meeting ==
 
 
 
'''When:''' Tuesday, November 8, 2016 - 5:30 PM
 
'''When:''' Tuesday, November 8, 2016 - 5:30 PM
 
  
 
'''Topic: ''' Privacy Preserving Big Data Analytics
 
'''Topic: ''' Privacy Preserving Big Data Analytics
 
With increasing growth of cloud services, machine learning services can be run on cloud providers' infrastructure, essentially offering Machine Learning as a Service (MLaaS). However, machine learning solutions require access to the raw data, which creates potential security and privacy risks. Therefore, we need to provide solutions to run machine learning algorithms on encrypted data and allow the parties to provide/receive the service without having to reveal their sensitive data to the other parties. In this talk, we present state-of-the-art privacy preserving machine learning with focus on how to design and implement different machine learning algorithms, both classic and deep learning algorithms, over encrypted data.
 
 
  
 
'''Who:''' Hassan Takabi is Assistant Professor of Computer Science and Engineering at the University of North Texas, Denton, TX, USA.  
 
'''Who:''' Hassan Takabi is Assistant Professor of Computer Science and Engineering at the University of North Texas, Denton, TX, USA.  
  
He is director and founder of the Information Security and Privacy: Interdisciplinary Research and Education (INSPIRE) Lab and a member of the Center for Information and Computer Security (CICS). His research is focused on various aspects of cybersecurity and privacy including advanced access control models, insider threats, computation over encrypted data, and usable security and privacy. He is a member of ACM and IEEE.
+
'''Where:'''  Epsilon - 6021 Connection Drive, Irving, TX
  
 +
== October Meeting ==
 +
'''When:''' Monday, October 17, 2016 - 5:30 PM
  
'''Where:''' Epsilon - 6021 Connection Drive, Irving, TX (map)
+
'''Topic: ''' NoSQL: "No Injections" or "No Security"?
  
Sign in at the front lobby and you'll be directed to the conference room.
+
'''Who:''' Stark Riedesel is a Security Consultant for Cigital, an industry leader in application security.  
  
 +
'''Where:'''  Akamai - 15950 Dallas Parkway, Dallas, TX
  
 +
== September Meeting ==
 +
'''When:''' Monday, September 19, 2016 - 5:30 PM
  
http://meetu.ps/2ZZkL4
+
'''Topic: ''' Web Attacker’s Toolkit: An in depth analysis of RFI in the wild
  
The meeting food & drinks will be sponsored by Epsilon.
+
'''Who:''' Tony Lauro is a Lead Sr. Enterprise Security Architect for Akamai's Web Security division.  
  
 
+
'''Where:'''  Akamai - 15950 Dallas Parkway, Dallas, TX
IMPORTANT Meeting Notes:
 
 
 
The Epsilon office is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.  Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.
 
 
 
 
 
=== Previous Meetings  ===
 
  
 
== August Meeting ==
 
== August Meeting ==
 
 
'''When:''' Tuesday, August 16, 2016 - 5:30 PM
 
'''When:''' Tuesday, August 16, 2016 - 5:30 PM
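Review bot: In the added February Meeting text, the line "//stuff" between the abstract and "In this presentation, we explore using the following microservice concepts and patterns:" reads as a leftover placeholder and should be deleted. In the same block, the Hyperbahn URL is added as a bullet in the concept list with no label saying why it is there, and the bio sentence "He has worked with large software development teams around to guide secure software" is missing words after "around". In the added January entry under Previous Meetings, "January 17 - 6:00 PM" omits the weekday and year that the other entries carry, and its Where line names both "Irving, TX 75039" and "Dallas, TX".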
  

Revision as of 20:22, 31 January 2017

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are

Chapter Lead: Denis Sheridan

Board Member: Matt Parsons

Board Member: Jeromme Lawler




Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


Get Connected and Stay Connected

In addition to our Mailing List, we also have a Dallas OWASP Twitter Feed, a Dallas OWASP Facebook Page, and a Dallas OWASP LinkedIn Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Mailing list, Twitter, Facebook, LinkedIn


Announcements

February Meeting

When: Tuesday, February 21, 2017 - 6:00 PM

Topic: Secure Architecture In The Land of Microservices

Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other as well as producers and consumers of data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices requires careful consideration around access patterns and boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.

In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.

//stuff

In this presentation, we explore using the following microservice concepts and patterns:

API Gateway

• Routing

• Service discovery

• Authentication

• Authorization

• Patterns like CQRS

https://github.com/uber/hyperbahn


Who: Jack is the CEO at nVisium and focuses on building solutions to make security and education scale in fast-paced software development organizations.

He has worked with large software development teams around to guide secure software from conceptualization to production. Jack is a huge open source fan and regularly contributes to a wide variety of projects, and previously created the OWASP Mobile Security Project. In his spare time, he enjoys digging into new frameworks and writes most of his (good) code in Scala. He has spoken at most of the other major conferences people generally list in their bios, and usually finds writing about himself harder than it is for most people.

Where: 8000 Dominion Pkwy, Plano, TX - Capital One

http://meetu.ps/35WYRw


IMPORTANT Meeting Notes:


Follow OWASP signs to lobby and sign in.

The location is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space. Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.

The meeting food & drinks will be sponsored by Capital One.


Previous Meetings

January Meeting

When: January 17 - 6:00 PM

Topic: Helping Developers Embrace Security with OWASP Tools

Who: Joseph Konieczka is a Lead Technology Solutions Specialist on the Remedy on Demand infrastructure team at BMC Software.

Where: 6011 Connection Drive, Irving, TX 75039, Dallas, TX - Goldman Sachs

November Meeting

When: Tuesday, November 8, 2016 - 5:30 PM

Topic: Privacy Preserving Big Data Analytics

Who: Hassan Takabi is Assistant Professor of Computer Science and Engineering at the University of North Texas, Denton, TX, USA.

Where: Epsilon - 6021 Connection Drive, Irving, TX

October Meeting

When: Monday, October 17, 2016 - 5:30 PM

Topic: NoSQL: "No Injections" or "No Security"?

Who: Stark Riedesel is a Security Consultant for Cigital, an industry leader in application security.

Where: Akamai - 15950 Dallas Parkway, Dallas, TX

September Meeting

When: Monday, September 19, 2016 - 5:30 PM

Topic: Web Attacker’s Toolkit: An in depth analysis of RFI in the wild

Who: Tony Lauro is a Lead Sr. Enterprise Security Architect for Akamai's Web Security division.

Where: Akamai - 15950 Dallas Parkway, Dallas, TX

August Meeting

When: Tuesday, August 16, 2016 - 5:30 PM

Topic: OWASP Dallas August Social

Who: Dallas OWASP Community

Where: Braindead Brewing - 2625 Main St, Dallas, TX

July Meeting

When: Tuesday, July 19, 2016 - 5:30 PM

Topic: Pen Testing with Powershell

Who: Rajganesh Pandurangan is a Lead Managing Consultant at US Bank and the creator of Web Application Exploitation Distro (http://www.waed.info)

Where: 6011 Connection Drive, Irving, TX 75039, Dallas, TX - Goldman Sachs

Materials: Media:OWASP-pentest-with-powershell.pptx

June Meeting

When: Tuesday, June 21, 2016 - 5:30 PM

Topic: Web App Testing Stats Compared to The OWASP Top 10

Who: Joel Scambray is a Principal at Cigital.

Where: 8000 Dominion Pkwy, Plano, TX - Capital One

Materials: Media:Cigital_Top10_DallasOWASP-062116.pdf

May Meeting

When: Tuesday, May 17, 2016 - 5:30 PM

Topic: Can we do better than Passwords?

Who: Dr. Girish Chiruvolu, CISSP, CISM is Director, Information security and Risk Management at Thomson Reuters, Carrollton TX.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

Materials: Media:OWASP_May17th_Password-less-logins.pdf

April Meeting

When: Tuesday, April 19, 2016 - 5:30 PM

Topic: OWASP Happy Hour

Who: OWASP Dallas Members

Where: Humperdinks NW Highway - 2208 W Northwest Hwy, Dallas, TX

March Meeting

When: Tuesday, March 15, 2016 - 5:30 PM

Topic: Integrating Security into the Software/System Development Life Cycle (SDLC) Process—Myths and Facts

Who: Rick Brunner is an Assistant Faculty member at Collin College and is an active member of Collin’s Cyber Security Advisory Board.

Where: Epsilon - 6021 Connection Drive, Irving, TX.

Materials: Media:March_2016_OWASP_-_Secure_SDLC_Presentation_and_Related_Material.zip

February Meeting

When: Wednesday, February 17, 2016 - 5:30 PM

Topic: DNS Attack Vectors

Who: John Devasia is a Senior Product Manager in the Cloud Security BU at Akamai Technologies.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

January Meeting

When: Tuesday, January 19, 2016 - 5:30 PM

Topic: Bountiful Bugs and DRM Breakage

Who: Dave Ferguson is a Solution Architect at Qualys and has been a specialist in Application Security since 2006.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

PDF of Slides

November Meeting

When: Tuesday, November 17th, 2015 from 5:30 PM – ?:?? PM

Topic: OWASP Dallas Happy Hour

Where: Mexican Sugar at Shops at Legacy - 7501 Lone Star Drive, Suite 8150, Plano, TX

October Meeting

When: Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM

Topic: Anatomy of a Logic Flaw

Who: Charles Henderson is the Vice President of Managed Security Testing at Trustwave.

Where: 6011 Connection Drive, Irving, TX 75039.

September Meeting

When: Thursday September 17th, 2015 from 5:30PM – 6:30 PM

Topic: Application Security Trends

Who: Stephen Pasco is a Vice President of Application Risk at Goldman Sachs

Where: 6011 Connection Drive, Irving, TX 75039.

May Meeting

When: Wednesday May 6, 2015 from 11:30 AM – 1:00 PM

Topic: The Future of Mobile Payments: Secure Mobile Architecture

Who: Denis M. Sheridan is a Managing Consultant at Cigital.

Where: North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215

October Meeting

When: Wednesday October 1, 2014 from 11:30 AM – 1:00 PM

Topic: Succeeding with Enterprise Software Security Key Performance Indicators

Who: Rafal Los, Director, Office of the CISO

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

March Meeting

When: Wednesday March 5, 2014 from 11:30 AM – 1:00 PM

Topic: OWASP Dallas basic Python tutorial

Who: Matt Parsons, CISSP MSM

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

September Meeting

When: Wednesday September 11, 2013 from 11:30 AM – 1:00 PM

Topic: PCI Mobile Payment Acceptance Security Guidelines for Developers

Who: Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Slides: Media:Dallas OWASP 9-11-2013.pdf

May Meeting

When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM

Topic: Implementation Patterns for Software Security Programs

Who: Dan Cornell, Principal, Denim Group

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117


February Meeting

When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM

Topic: Using Webappsec Vulns to Break Censorship

Who: Robert Hansen, a.k.a. rsnake

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
