Difference between revisions of "Dallas"

Revision as of 15:42, 12 July 2018 (view source) Jeromme Lawler (talk | contribs) ← Older edit		Revision as of 05:47, 18 September 2018 (view source) Jeromme Lawler (talk | contribs) Newer edit →
Line 20:		Line 20:
	=== Announcements  ===		=== Announcements  ===
−	== August Meeting ==	+	== September Meeting ==
−	'''When:''' Tuesday, August 21, 2018 - 6:00 PM	+	'''When:''' Tuesday, September 18, 2018 - 6:00 PM
		+
		+	'''Topic: ''' Security Shift Left! Enable, Protect, and Execute.
		+
		+	Discussion around the shift in the landscape of enterprise technology being driven by their online presence and what that means for the security community. As more and more enterprises adopt a shift-left mentality, move to the cloud, and migrate their business to the web, security must follow suit. How do we as security professionals ensure we are supporting and enabling the business while still protecting its most critical assets? We’ll take a high level look at a modern security approach, introduce tools to enable the development teams, and how we can start to put the "Sec" in "DevOps".
−	'''Topic: ''' Tangled Web
		+	'''Who:''' Teddi Poehls, currently working as a Senior Sales Engineer for Signal Sciences, has over 10 years of experience in information security. Starting off at a fortune 500 enterprise she has spent most of her career working on the front line of operations dealing with both day to day tasks as well as strategic long-term plans and breach mitigation. She specializes in cross department and skip level communication for business enablement with a technical focus. She has spent the last 4 years at security software companies as a sales engineer working with Fortune 500 and larger companies. Currently specializing in web application security she focuses on layer 7 threats, misuse and protection.
−	Adversaries are attacking on all fronts, for example, phishing, networks, and web applications. We not only have to get better at securing our applications; we need to start being more proactive in detecting, responding and perhaps attacking back?! Let’s chat about the possibilities of using deception in our web applications and services to detect, identify, respond and sideline our adversaries.
		+	'''Where:''' Epsilon - 6021 Connection Drive, Irving, TX
−	'''Who:''' Herb has been in IT for over 30 years -- 20 years as a developer and 10 in application security. He has worked for State Farm for over 26 years. He is currently a member of the Security Analytics/Threat hunting team. Previous security roles include: application security design, web application/service pentester, and secure coding subject matter expert. I have a Masters degree in Information Assurance and Security and am currently holding: CISSP, CSSLP, GSEC, GPEN, and CRISC certifications. Use of deception as a means of defense is my current security passion.	+	Enter lobby to be escorted to conference room.
−	'''Where:''' State Farm Insurance - 3661 N. Plano Rd. Suite 1000, Richardson, TX	+	The meeting food & drinks will be sponsored by Epsilon.
−	Park in the CITYLINE garage. Please bring a photo ID as part of the check-in process.
		+	IMPORTANT Meeting Notes:
−	The meeting food & drinks will be sponsored by State Farm.	+	The location is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space. Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.
		+	=== Previous Meetings  ===
−	IMPORTANT Meeting Notes:
−	The location is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.	+	== August Meeting ==
		+	'''When:''' Tuesday, August 21, 2018 - 6:00 PM
		+	'''Topic: ''' Tangled Web
−	== July Meeting ==	+	'''Who:''' Herb has worked for State Farm for over 26 years. He is currently a member of the Security Analytics/Threat hunting team.
		+	'''Where:''' State Farm Insurance - 3661 N. Plano Rd. Suite 1000, Richardson, TX
		+	== July Meeting ==
	'''When:''' Tuesday, July 17, 2018 - 6:00 PM		'''When:''' Tuesday, July 17, 2018 - 6:00 PM
−
	'''Topic: ''' Interactive Capture the Flag (CTF) Introduction		'''Topic: ''' Interactive Capture the Flag (CTF) Introduction
−		+	'''Who:''' Gabriel Lawrence is the General Manager of Cyber-Protection at Toyota
−	Capture the Flag competitions offer a safe and fun place to explore information security, as well as learn new tools and skills as part of a team. Anyone with a basic technical foundation can succeed, but there are some tips and tricks to getting started. This talk will cover an overview of different types of CTFs, and, allow for some hands on work on some real CTF challenges from past CTFs I’ve hosted. Bring your laptop and play and learn.
−
−
−
−	'''Who:''' Gabriel Lawrence is the General Manager of Cyber-Protection at Toyota where he oversees SOC, IR, Security Architecture, Red Team, Vulnerability Management, and probably something else. As a security researcher he worked with Chris Frohoff to expose the dangers of de-serializing untrusted data which is now A8 in the OWASP Top 10. He has been involved in CTFs for several years as a competitor at many different conferences and as an organizer for Toorcon, LayerOne, and AppSec Cali. He was on the team that took first place at Derbycon in 2016.
−
	'''Where:''' Toyota Motor North America, Inc. - 6565 Headquarters Drive, Plano, TX		'''Where:''' Toyota Motor North America, Inc. - 6565 Headquarters Drive, Plano, TX
−
−
−	Guests may park in the visitors parking area on Headquarters Dr. right outside main lobby in front of W1 and E1 buildings. Enter the main lobby to sign in. Meeting will be in the Corona W1-0C-04 / Crown W1-0C-12 conference rooms.
−
−
−	The meeting food & drinks will be sponsored by Toyota.
−
−
−	IMPORTANT Meeting Notes:
−
−	The location is a gun-free zone.  Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space.
−
−
−	=== Previous Meetings  ===
	== June Meeting ==		== June Meeting ==

---

Revision as of 05:47, 18 September 2018

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leader is Denis Sheridan.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Get Connected and Stay Connected

In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Announcements

September Meeting

When: Tuesday, September 18, 2018 - 6:00 PM

Topic: Security Shift Left! Enable, Protect, and Execute.

Discussion around the shift in the landscape of enterprise technology being driven by their online presence and what that means for the security community. As more and more enterprises adopt a shift-left mentality, move to the cloud, and migrate their business to the web, security must follow suit. How do we as security professionals ensure we are supporting and enabling the business while still protecting its most critical assets? We’ll take a high level look at a modern security approach, introduce tools to enable the development teams, and how we can start to put the "Sec" in "DevOps".

Who: Teddi Poehls, currently working as a Senior Sales Engineer for Signal Sciences, has over 10 years of experience in information security. Starting off at a fortune 500 enterprise she has spent most of her career working on the front line of operations dealing with both day to day tasks as well as strategic long-term plans and breach mitigation. She specializes in cross department and skip level communication for business enablement with a technical focus. She has spent the last 4 years at security software companies as a sales engineer working with Fortune 500 and larger companies. Currently specializing in web application security she focuses on layer 7 threats, misuse and protection.

Where: Epsilon - 6021 Connection Drive, Irving, TX

Enter lobby to be escorted to conference room.

The meeting food & drinks will be sponsored by Epsilon.

IMPORTANT Meeting Notes:

The location is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space. Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.

Previous Meetings

August Meeting

When: Tuesday, August 21, 2018 - 6:00 PM

Topic: Tangled Web

Who: Herb has worked for State Farm for over 26 years. He is currently a member of the Security Analytics/Threat hunting team.

Where: State Farm Insurance - 3661 N. Plano Rd. Suite 1000, Richardson, TX

July Meeting

When: Tuesday, July 17, 2018 - 6:00 PM

Topic: Interactive Capture the Flag (CTF) Introduction

Who: Gabriel Lawrence is the General Manager of Cyber-Protection at Toyota

Where: Toyota Motor North America, Inc. - 6565 Headquarters Drive, Plano, TX

June Meeting

When: Tuesday, June 19, 2018 - 6:00 PM

Topic: Cloud Jacking

Who: Bryan McAninch is a cybersecurity professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture.

Where: Toyota Motor North America, Inc. - 6565 Headquarters Drive, Plano, TX

April Meeting

When: Tuesday, April 17, 2018 - 6:00 PM

Topic: Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threats

Who: David Evenden is an experienced offensive security operator/analyst with over 10 years of active work experience inside the Intelligence Community (IC).

Where: Allstate - 8711 N. Freeport Parkway - Irving, TX

March Meeting

When: Tuesday, March 20, 2018 - 6:00 PM

Topic: DevSecOps Unplugged

Who: Vishal Asthana, CISSP has been with Security Compass for over 4 years

Where: Akamai - 15950 Dallas Parkway - Dallas, TX

February Meeting

When: Tuesday, February 20, 2018 - 6:00 PM

Topic: Bugs in the Blockchain and “Contractual” Vulnerability

Who: Stark Riedesel is a software security consultant working for Synopsys here in the Dallas area.

Where: Alliance Data Systems - 7500 Dallas Parkway 7th Floor, Plano, TX

Materials: Media:Bugs_in_the_Blockchain.pptx

January Meeting

When: Tuesday, January 16, 2018 - 6:00 PM

Topic: OWASP Top 10 2017

Who: Andrew van der Stock is a Senior Principal Consultant with Synopsys.

Where: Toyota Motor North America, Inc. - 6565 Headquarters Drive · Plano

October Meeting

When: Tuesday, October 10, 2017 - 6:00 PM

Topic: Application Security in the DevOps World

Who: Apoorva Phadke is a Senior Security Consultant at Synopsys.

Where: Akamai - 15950 Dallas Parkway, Dallas, TX

September Meeting

When: Wednesday, September 13, 2017 - 6:00 PM

Topic: Automate All The Things

Who: Matt Konda, CEO of Jemurai. Jemurai is a consulting firm specializing in application security.

Where: Epsilon - 6021 Connection Drive, Irving, TX

August Meeting

When: Wednesday, August 15, 2017 - 6:00 PM

Topic: Making Vulnerability Management Less Painful with OWASP DefectDojo

Who: Greg Anderson is a security professional and creator of DefectDojo

Where: Intuit

Materials: https://docs.google.com/presentation/d/1DnV-e6TWoH0YexZJpPQeRTD0eeHwWpmsSu-MRjMczwQ/edit?usp=sharing

July Meeting

When: Wednesday, July 19, 2017 - 6:00 PM

Topic: IoT Security Landscape: Survey & Analysis

Who: Mark Szewczul, CISSP, is an IoT Security Architect at Zimperium

Where: Goldman Sachs - 6011 Connection Drive, Irving, TX 75039, Dallas, TX

June Meeting

When: Tuesday, June 20, 2017 - 6:00 PM

Topic: From Hot Rodding to Hacking, Securing the Modern Automobile

Who: Art Dahnert is a Managing Consultant who has over 19 years of experience in the software industry with over 8 years Application Security experience.

Where: Toyota - 5360 Legacy Drive, Building 1, 2nd Floor, Plano, TX

Materials: media:Hot_Rodding_and_Hacking_v3.pdf

May Meeting

When: Tuesday, May 16, 2017 - 6:00 PM

Topic: OWASP Dallas Social

Who: OWASP Dallas

Where: Dots Hop House & Cocktail Courtyard - 2645 Commerce Street , Dallas, TX (map)

April Meeting

When: Monday, April 17, 2017 - 6:00 PM

Topic: AWS Security: Staying on Top of the Cloud

Who: Kurtis Miller is a Principal Security Consultant for NCC Group, North America.

Where: Goldman Sachs - 6011 Connection Drive, Irving, TX 75039, Dallas, TX

Materials: media:AWS_Security_-_Staying_on_Top_of_the_Cloud.pdf

March Meeting

When: Tuesday, March 21, 2017 - 6:00 PM

Topic: Secrets Revealed: How Your Competitors are Scaling Application Security

Who: Nishchal Bhalla, is a noted expert, speaker and a published author who has been in the information security field for two decades.

Where: Intuit, Inc. - 5601 Headquarters Dr, Plano, TX

Materials: media:2017.03_OWASP_Dallas_Presentation_v5.pdf (More Info)

February Meeting

When: Tuesday, February 21, 2017 - 6:00 PM

Topic: Secure Architecture In The Land of Microservices

Who: Jack is the CEO at nVisium and focuses on building solutions to make security and education scale in fast-paced software development organizations.

Where: 8000 Dominion Pkwy, Plano, TX - Capital One

Materials: Media:Microservice_Security.pdf

January Meeting

When: January 17 - 6:00 PM

Topic: Helping Developers Embrace Security with OWASP Tools

Who: Joseph Konieczka is a Lead Technology Solutions Specialist on the Remedy on Demand infrastructure team at BMC Software.

Where: 6011 Connection Drive, Irving, TX 75039, Dallas, TX - Goldman Sachs

November Meeting

When: Tuesday, November 8, 2016 - 5:30 PM

Topic: Privacy Preserving Big Data Analytics

Who: Hassan Takabi is Assistant Professor of Computer Science and Engineering at the University of North Texas, Denton, TX, USA.

Where: Epsilon - 6021 Connection Drive, Irving, TX

October Meeting

When: Monday, October 17, 2016 - 5:30 PM

Topic: NoSQL: "No Injections" or "No Security"?

Who: Stark Riedesel is a Security Consultant for Cigital, an industry leader in application security.

Where: Akamai - 15950 Dallas Parkway, Dallas, TX

September Meeting

When: Monday, September 19, 2016 - 5:30 PM

Topic: Web Attacker’s Toolkit: An in depth analysis of RFI in the wild

Who: Tony Lauro is a Lead Sr. Enterprise Security Architect for Akamai's Web Security division.

Where: Akamai - 15950 Dallas Parkway, Dallas, TX

August Meeting

When: Tuesday, August 16, 2016 - 5:30 PM

Topic: OWASP Dallas August Social

Who: Dallas OWASP Community

Where: Braindead Brewing - 2625 Main St, Dallas, TX

July Meeting

When: Tuesday, July 19, 2016 - 5:30 PM

Topic: Pen Testing with Powershell

Who: Rajganesh Pandurangan is a Lead Managing Consultant at US Bank and the creator of Web Application Exploitation Distro (http://www.waed.info)

Where: 6011 Connection Drive, Irving, TX 75039, Dallas, TX - Goldman Sachs

Materials: Media:OWASP-pentest-with-powershell.pptx

June Meeting

When: Tuesday, June 21, 2016 - 5:30 PM

Topic: Web App Testing Stats Compared to The OWASP Top 10

Who: Joel Scambray is a Principal at Cigital.

Where: 8000 Dominion Pkwy, Plano, TX - Capital One

Materials: Media:Cigital_Top10_DallasOWASP-062116.pdf

May Meeting

When: Tuesday, May 17, 2016 - 5:30 PM

Topic: Can we do better than Passwords?

Who: Dr. Girish Chiruvolu, CISSP, CISM is Director, Information security and Risk Management at Thomson Reuters, Carrollton TX.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

Materials: Media:OWASP_May17th_Password-less-logins.pdf

April Meeting

When: Tuesday, April 19, 2016 - 5:30 PM

Topic: OWASP Happy Hour

Who: OWASP Dallas Members

Where: Humperdinks NW Highway - 2208 W Northwest Hwy, Dallas, TX

March Meeting

When: Tuesday, March 15, 2016 - 5:30 PM

Topic: Integrating Security into the Software/System Development Life Cycle (SDLC) Process—Myths and Facts

Who: Rick Brunner is an Assistant Faculty member at Collin College and is an active member of Collin’s Cyber Security Advisory Board.

Where: Epsilon - 6021 Connection Drive, Irving, TX.

Materials: Media:March_2016_OWASP_-_Secure_SDLC_Presentation_and_Related_Material.zip

February Meeting

When: Wednesday, February 17, 2016 - 5:30 PM

Topic: DNS Attack Vectors

Who: John Devasia is a Senior Product Manager in the Cloud Security BU at Akamai Technologies.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

January Meeting

When: Tuesday, January 19, 2016 - 5:30 PM

Topic: Bountiful Bugs and DRM Breakage

Who: Dave Ferguson is a Solution Architect at Qualys and has been a specialist in Application Security since 2006.

Where: 6011 Connection Drive, Irving, TX 75039 - Goldman Sachs.

November Meeting

When: Tuesday, November 17th, 2015 from 5:30 PM – ?:?? PM

Topic: OWASP Dallas Happy Hour

Where: Mexican Sugar at Shops at Legacy - 7501 Lone Star Drive, Suite 8150, Plano, TX

October Meeting

When: Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM

Topic: Anatomy of a Logic Flaw

Who: Charles Henderson is the Vice President of Managed Security Testing at Trustwave.

Where: 6011 Connection Drive, Irving, TX 75039.

September Meeting

When: Thursday September 17th, 2015 from 5:30PM – 6:30 PM

Topic: Application Security Trends

Who: Stephen Pasco is a Vice President of Application Risk at Goldman Sachs

Where: 6011 Connection Drive, Irving, TX 75039.

May Meeting

When: Wednesday May 6, 2015 from 11:30 AM – 1:00 PM

Topic: The Future of Mobile Payments: Secure Mobile Architecture

Who: Denis M. Sheridan is a Managing Consultant at Cigital.

Where: North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215

October Meeting

When: Wednesday October 1, 2014 from 11:30 AM – 1:00 PM

Topic: Succeeding with Enterprise Software Security Key Performance Indicators

Who: Rafal Los, Director, Office of the CISO

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

March Meeting

When: Wednesday March 5, 2014 from 11:30 AM – 1:00 PM

Topic: OWASP Dallas basic Python tutorial

Who: Matt Parsons, CISSP MSM

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

September Meeting

When: Wednesday September 11, 2013 from 11:30 AM – 1:00 PM

Topic: PCI Mobile Payment Acceptance Security Guidelines for Developers

Who: Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Slides: Media:Dallas OWASP 9-11-2013.pdf

May Meeting

When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM

Topic: Implementation Patterns for Software Security Programs

Who: Dan Cornell, Principal, Denim Group

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map

February Meeting

When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM

Topic: Using Webappsec Vulns to Break Censorship

Who: Robert Hansen, a.k.a. rsnake

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map