Difference between revisions of "Omaha"

(94 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Omaha|extra=The chapter leaders are [mailto:[email protected] John Rogers], [mailto:[email protected] Zac Fowler], [mailto:[email protected] Rob Temple], Fred Donovan, and [mailto:michael.born@owasp.org Michael Born].
+
{{Chapter Template|chaptername=Omaha|extra=The chapter leaders are [mailto:[email protected] Michael Born], [mailto:[email protected] Dave Pinos],  [mailto:[email protected] John Rogers], [mailto:[email protected] Zac Fowler], [mailto:[email protected] Rob Temple], [mailto:[email protected] Fred Donovan], and [mailto:justin.williams@owasp.org Justin Williams].
  
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-omaha|emailarchives=http://lists.owasp.org/pipermail/owasp-omaha}}
+
|mailinglistsite=https://groups.google.com/a/owasp.org/d/forum/omaha-chapte|emailarchives=http://lists.owasp.org/pipermail/owasp-omaha}}
 
 
 
 
 
 
  
 
== Chapter Meetings ==
 
== Chapter Meetings ==
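Review bot: In the new `mailinglistsite` value the Google Groups URL ends in `omaha-chapte`, which reads like a truncated `omaha-chapter`; please confirm the link resolves before saving. The same line moves the list to Google Groups but leaves `emailarchives` pointing at `lists.owasp.org/pipermail/owasp-omaha`, so either update the archive link as well or note that the old archive is kept on purpose.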
Line 12: Line 9:
 
Follow us on Twitter!  https://www.twitter.com/owaspomaha
 
Follow us on Twitter!  https://www.twitter.com/owaspomaha
  
Typically, we meet at UNO's Peter Kiewit Institute over the noon hour during the last month of each quarter.
+
We combine our meetings with the monthly DC402 group once a quarter which occurs on the second Tuesday of the month.
 +
 
 +
 
 +
=== Next Chapter Meeting ===
 +
 
 +
==== Nov 12, 2019 - ELF Binary Analysis Introduction (combined meeting with DC402) ====
 +
'''Presenter:''' Michael Born
 +
 
 +
'''Description:'''
 +
 
 +
Michael will walk us through a beginner friendly lesson on analyzing 64-bit ELF binaries on Linux using built-in command line tools, debuggers like the Gnu Debugger and EDB, and will discuss the ELF Specification on 64-bit operating systems. During the talk, Michael will go over how to safely alter a malicious binary for dynamic analysis tasks, and will walk the audience through analyzing the disassembled binary. If you come early, and bring your own book, Michael will sign a copy of his new book. https://www.amazon.com/Binary-Analysis-Cookbook-Actionable-disassembling-ebook/dp/B07XYVJ3LN/ref=sr_1_3
 +
 
 +
'''Location:''' DJ's Dugout, 777 N 114th St, Omaha, NE 68154
 +
 
 +
'''CPEs:''' This presentation will count as a 1 hour of CPEs.
 +
 
 +
'''Notes:''' This event will be a pay as you go for food and beverage. Please don't forget to close your tab at the end of the meeting.
 +
 
 +
== Past Events / Presentations ==
 +
 
 +
=== Aug 24, 2018 - Exploiting CORS and Beyond ===
 +
'''Presenter:''' Adam Schaal
 +
 
 +
'''Description:'''
 +
 
 +
CORS. What is it good for? Absolutely nothing. In this OWASP discussion, we will cover what CORS is, why it is used in a lot of places today, and why it's a terrible, no-good, very bad thing in production. We will cover how to manually detect weak CORS policies and how to exploit said policies.
 +
 
 +
'''Parking:''' UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the building. 
 +
 
 +
'''Lunch:''' Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.
 +
 
 +
'''Room:''' We will be using PKI 279 for the talk. Doors will open at 11:45 AM
 +
 
 +
'''CPEs:''' This presentation will count as 1 hour of CPEs.
 +
 
 +
'''Streaming / Archive:''' We do not have plans to stream this session.
 +
 
 +
'''Signup / RSVP:''' https://www.eventbrite.com/e/owasp-omaha-exploiting-cors-and-beyond-tickets-48877631311
 +
 
 +
=== May 18, 2018 - A  no-nonsense look at applying machine learning to your WAF logs ===
 +
'''Presenter:''' Heather Lawrence, NARI
 +
 
 +
'''Description:'''
  
We also use Google+ Hangouts OnAir to stream our presentations live!
+
About Heather: A naval nuclear veteran, Heather Lawrence is pursuing her PhD in Computer Engineering from the University of Nebraska Lincoln where she works as a cyber data scientist with the Nebraska Applied Research Institute (NARI). Her current projects involve darknet marketplace data mining, adversarial machine learning, and anomaly detection. She serves the community as a B-Sides Orlando organizer, Defcon security goon, and tech meme connoisseur on Twitter.
  
 +
'''Parking:''' UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the buliding. 
  
== Past Events ==
+
'''Lunch:''' Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.
  
=== Thursday, April 30, 2015 - '''Web Services Testing Cheat Sheet''' ===
+
'''Room:''' We will be using PKI 279 for the talk. Doors will open at 11:45 AM
 +
 
 +
'''CPEs:''' This presentation will count as 1 hour of CPEs.
 +
 
 +
'''Streaming / Archive:''' We do not have plans to stream this session.
 +
 
 +
'''Signup / RSVP:''' https://www.eventbrite.com/e/owasp-omaha-a-no-nonsense-look-at-applying-machine-learning-to-your-waf-log-tickets-45386204359
 +
=== February 16, 2018 - Deserialization attacks with the JS for the lulz ===
 +
'''Presenter:''' Andy Freeborn, ACI Worldwide
 +
 
 +
'''Description:''' Deserialization attacks are a hot topic in security, but often times these attacks seem like magic. Exploitation of these attacks tend to happen in complex systems that require knowledge in the setup of all the things. To help you better understand why and how these attacks work, we’re using an intentionally broken system with a quick and easy setup. We’ll cover everything to look for in your personal assessments.
 +
 
 +
'''Parking:''' UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the buliding. 
 +
 
 +
'''Lunch:''' Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.
 +
 
 +
'''Room:''' We will be using PKI 279 for the talk. Doors will open at 11:45 AM
 +
 
 +
'''CPEs:''' This presentation will count as 1 hour of CPEs.
 +
 
 +
'''Streaming / Archive:''' We do not have plans to stream this session.
 +
 
 +
Signup / RSVP: https://www.eventbrite.com/e/owasp-omaha-deserialization-attacks-with-the-js-for-the-lulz-tickets-43002182686
 +
 
 +
'''Presentation Files''': https://drive.google.com/drive/folders/1tLk6L4m3Lb_dxkcahn5NYXSfU4oyJMdL?usp=sharing
 +
 
 +
===October, October 20, 2017===
 +
'''Presenter:''' Mike Douglas, Deliveron
 +
 
 +
'''Description''': Continuous Security Validation - Transformation from afterthought to continuously validating security every step of the process. See how we are using security at every step including automated pen tests with each check in using VSTS and OWASP ZAP docker containers in a CI/CD pipeline.
 +
 
 +
'''Slides:''' https://drive.google.com/drive/folders/0B4t_HSHrO2GxaHRuc2VtVkFTTUk?usp=sharing
 +
 
 +
===September, September 21, 2017===
 +
'''Where''': DJ's Dugout, 777 N 114th St, Omaha, NE 68154
 +
 
 +
'''When''': Thursday, September 21, 2017 from 3:30 PM to 5:00 PM
 +
 
 +
=== Thur August 25, 2017 - Single Sign-On Security ===
 +
 
 +
'''Presenter''': Joel Gunderson, Union Pacific<br>
 +
'''Description''': Joel will present on Single Sign-On Security from his perspective as a red team member at Union Pacific. Joel will focus specifically on SAML.<br>
 +
 
 +
'''Presentation''': https://drive.google.com/file/d/0B8UHsn2i5kmGb0JBSGVxOGZtV0tnbUpFZWgwMTkxUnp5dkVR/view?usp=sharing
 +
 
 +
=== Thur June 15, 2017 - IREM Nebraska Membership Lunch Talk  ===
 +
 
 +
'''Presenter''': John Rogers, Lincoln Financial, OWASP Omaha<br>
 +
'''Description''': John will present on Cyber Security topics for Real Estate Professionals<br>
 +
 
 +
'''Presentations''': https://drive.google.com/file/d/0Bw2xJWT-Q7YKazIycmFpQXBmQW8/view?usp=sharing
 +
 
 +
=== Wed May 24, 2017 - OWASP Presentations - Lightning Talks  ===
 +
 
 +
'''Presenter''': John Rogers, Lincoln Financial, OWASP Omaha<br>
 +
'''Description''': John will present on a Framework for performing Enterprise Application Security Assessments<br>
 +
 
 +
'''Presenter''': Michael Born, NTT Security (US), Inc., OWASP Omaha<br>
 +
'''Description''': Michael will present on an Intro to Kali Linux<br>
 +
 
 +
'''Presentations''': John Rogers: https://drive.google.com/file/d/0Bw2xJWT-Q7YKVEFvZC1mTHdsbTQ/view?usp=sharing
 +
 
 +
=== Wed Mar 22, 2017 - OWASP Presentations - Lightning Talks ===
 +
 
 +
'''Presenter''': Justin Williams, American Title, OWASP Omaha<br>
 +
'''Description''': Justin will present on deobfuscating VB macro based malware.<br>
 +
 
 +
'''Presenter''': Michael Born, NTT Security (US), Inc., OWASP Omaha<br>
 +
'''Description''': Michael will present on dissecting unknown shellcode<br>
 +
 
 +
'''Presentations''': https://drive.google.com/open?id=0B4t_HSHrO2GxZC1sVzJZcGlqbXc
 +
 
 +
=== Thur Feb 16, 2017 - ISACA Omaha Chapter Lunch Talk  ===
 +
 
 +
'''Presenter''': John Rogers, Lincoln Financial, OWASP Omaha<br>
 +
'''Description''': John will present on Vendor Security Assessments<br>
 +
 
 +
'''Presentations''': https://drive.google.com/file/d/0Bw2xJWT-Q7YKZlhVZVNHUERobDQ/view?usp=sharing
 +
 
 +
=== Fri Dec 9, 2016 - OWASP Presentations - Lighting Talks ===
 +
 
 +
'''Presenter''': Andrew Freeborn, Tenable<br>
 +
'''Description''': Andrew will present on research he's been doing using SWAMP.<br>
 +
 
 +
'''Presenter''': John Rogers, Lincoln Financial Group (LFG)<br>
 +
'''Description''': John will present on Automating ZAP with Python and Jenkins.<br>
 +
 
 +
'''Presenter''': Michael Born, NTT Security (US), Inc.<br>
 +
'''Description''': Michael will present on lessons learned while teaching classes at OWASP AppSec conferences.<br>
 +
 
 +
'''Presentations''': https://drive.google.com/open?id=0B4t_HSHrO2Gxcm1nOUtPRG5wVmc
 +
 
 +
=== Thur Sep 29, 2016 - OWASP Presentations - Nebraska Cyber Security Conference ===
 +
 
 +
'''Presenter''': John Rogers, LFG<br>
 +
'''Description''': John Rogers will give a presentation that introduces OWASP and discusses the requirements and pitfalls of vendor security assessments.<br>
 +
'''Presentation''': https://drive.google.com/open?id=0Bw2xJWT-Q7YKSE5tekVMelBlY3c
 +
 
 +
'''Presenter''': Justin Williams, American Title<br>
 +
'''Description''': Justin Williams of American Title Inc. will give a warm up on Powershell for the sysadmin and future pen-tester, including a demo on obtaining a reverse shell.  Justin has a background in systems administration and works for American Titile as a Security Analyst.<br>
 +
'''Presentation''': https://drive.google.com/open?id=0B2ZXN-dDkIy0MERyZFExNDBJOFE<br>
 +
 
 +
'''Presenter''': Ron Woerner, Bellevue University<br>
 +
'''Description''': Ron Woerner will discuss and demo common tools used cybersecurity assessments, investigations, and administration.  Ron Woerner is a professor of cybersecurity studies at Bellevue University working to prepare future professionals for the security industry.<br>
 +
'''Presentation''': https://drive.google.com/drive/folders/0BzwQjnDmptwfYU9TS2VBS3VqZ28<br>
 +
 
 +
=== Tues Aug 18, 2016 - Chapter Meeting - Powershell ===
 +
 
 +
'''Presenter''': Justin Williams, American Title<br>
 +
'''Description''': Justin Williams of American Title Inc. will give a warm up on Powershell for the sysadmin and future pen-tester, including a demo on obtaining a reverse shell.  Justin has a background in systems administration and works for American Titile as a Security Analyst.
 +
 
 +
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 +
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 +
'''RSVP for Food Counts''': https://www.eventbrite.com/e/chapter-meeting-powershell-tickets-27105181327<br>
 +
'''Lunch''': Lunch will be provided by the College of IS&T (so please RSVP).  <br>
 +
'''Parking''': Free and open parking at UNO during this event.<br>
 +
'''CPEs''': This lab will count as 1-hr of credit. Please be sure to sign in when you arrive.<br>
 +
'''Streaming''': No plans to stream this meeting.<br>
 +
'''Presentation''': https://drive.google.com/folderview?id=0B4t_HSHrO2GxQ0xpTXRuQUxraVU<br>
 +
 
 +
=== Tues Nov 17, 2015 - Chapter Meeting - Offensive Python - Hands-On Lab ===
 +
 
 +
'''Presenter''': Michael Born, Solutionary<br>
 +
'''Description''': OWASP Omaha's own Michael Born gave a technical workshop at AppSec 2015 on Offensive Python.  He will be bringing that presentation back to Omaha as a hands-on lab for a November chapter meeting.
 +
 
 +
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 276.  <br>
 +
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 +
'''RSVP for Food Counts''': https://www.eventbrite.com/e/chapter-meeting-offensive-python-hands-on-lab-tickets-19321744859<br>
 +
'''Lunch''': Lunch will be provided by the College of IS&T (so please RSVP).  <br>
 +
'''Parking''': Visitors display the parking pass and park in Lot 4 - the Faculty lot on the south side of the PKI building.  Email [email protected] for the pass if you did not receive it via our mailing list.<br>
 +
'''Lab Environment''': Guests are asked to bring a laptop pre-loaded with the lab VM and a Kali VM configured for a host-only environment.<br> Download lab materials here https://drive.google.com/folderview?id=0B4t_HSHrO2GxYTFydnRneTJwLWs&usp=sharing<br>
 +
'''CPEs''': This lab will count as 1-hr of credit. Please be sure to sign in when you arrive.<br>
 +
'''Streaming''': View the video here: https://www.youtube.com/watch?v=a6_kCzQ3Yyg<br>
 +
 
 +
=== Thursday, October 29, 2015 - OWASP / ISC2 Networking Event ===
 +
 
 +
'''Description''': Come on out and join OWASP and ISC2 together to share stories and network in our local AppSec community! Solutionary will sponsor some food and drink for the meeting, too! <br>
 +
'''Location''': Scriptown, 3922 Farnam St, Omaha, NE 68131 <br>
 +
'''Time''': 4-7PM<br>
 +
RSVP for counts at EventBrite:  https://www.eventbrite.com/e/owasp-isc2-networking-event-tickets-18863480177<br>
 +
 
 +
=== Wednesday, October 14, 2015 - OWASP Soup to Nuts - UNL: National Cyber Security Awareness Month ===
 +
 
 +
'''Presenters''': John Rogers CISSP GWAPT GSSP-JAVA: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha <br>
 +
'''Description''': Welcome to OWASP! This presentation is an introduction to OWASP- its mission, some of its projects, and upcoming local chapter meetings. <br>
 +
'''Location''': , University of Nebraska-Lincoln: City Campus Union: Regency A Room<br>
 +
'''Time''': 11:30 AM - 12:30 PM (1 Hour)<br>
 +
'''Event Link''': http://its.unl.edu/security/national-cyber-security-month <br>
 +
Presentation: https://drive.google.com/a/owasp.org/file/d/0Bw2xJWT-Q7YKTmtPd001V2QxUEU/view?usp=sharing<br>
 +
 
 +
=== Wednesday, September 30, 2015 - OWASP Soup to Nuts - OCIO Presentation ===
 +
 
 +
'''Presenters''': John Rogers: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha <br>
 +
'''Description''': Welcome to OWASP! This presentation is an introduction to OWASP- its mission, some of its projects, and upcoming local chapter meetings. <br>
 +
'''Location''': Nebraska Cyber Security Conference, hosted by the NE Office of the CIO; Southeast Community College, Lincoln NE  <br>
 +
'''Time''': 1:45 PM breakout session.<br>
 +
Presentation: https://drive.google.com/a/owasp.org/folderview?id=0B4t_HSHrO2GxRXAzbDhybE5vZXc&usp=sharing<br>
 +
 
 +
=== Thursday, April 30, 2015 - Web Services Testing Cheat Sheet ===
  
 
'''Presenter''': Michael Born: Lincoln Financial Group <br>
 
'''Presenter''': Michael Born: Lincoln Financial Group <br>
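Review bot: The added event entries need a proofreading pass. The Parking lines under May 18, 2018 and February 16, 2018 say "buliding", both Justin Williams descriptions say "American Titile", and the Dec 9, 2016 heading reads "Lighting Talks" where the Mar 22 and May 24, 2017 headings say "Lightning Talks". The headings `===October, October 20, 2017===` and `===September, September 21, 2017===` repeat the month where every other heading carries a weekday and a talk title. The May 18, 2018 entry has a `'''Description:'''` label followed only by the presenter bio, with no abstract of the talk itself.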
Line 26: Line 224:
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
'''Parking''':  Contact zac dot fowler at owasp dot org if you need a temporary parking pass for UNO's campus.<br>
 
'''Parking''':  Contact zac dot fowler at owasp dot org if you need a temporary parking pass for UNO's campus.<br>
'''RSVP for Food Counts''': https://www.eventbrite.com/e/intro-to-a-new-web-services-testing-cheat-sheet-tickets-16714902724'''<br>
+
'''RSVP for Food Counts''': https://www.eventbrite.com/e/intro-to-a-new-web-services-testing-cheat-sheet-tickets-16714902724'''<br>'''
 
'''Lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  <br>
 
'''Lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  <br>
 
'''CPEs''': We've been asked about CPEs for those who have attended online.  At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort.  We're trusting our audience is an honest bunch, so if you join via the Hangout this month, shoot an email to zac dot fowler at owasp.org right after the event.  It would be good to include a line or two so we know you were listening.  We can add that to our meeting CPE roster for audit purposes.  Thanks for understanding! <br>
 
'''CPEs''': We've been asked about CPEs for those who have attended online.  At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort.  We're trusting our audience is an honest bunch, so if you join via the Hangout this month, shoot an email to zac dot fowler at owasp.org right after the event.  It would be good to include a line or two so we know you were listening.  We can add that to our meeting CPE roster for audit purposes.  Thanks for understanding! <br>
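Review bot: The replacement RSVP line fixes the unbalanced bold by appending another `'''` after `<br>`, which only pairs up with the stray `'''` already trailing the Eventbrite URL and leaves the `<br>` wrapped in bold. Delete the `'''` after the URL instead, so the line ends with the URL followed by `<br>`. The same workaround is applied to the RSVP lines of the Oct 9, 2014 and June 12, 2014 entries further down and should be corrected the same way.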
Line 32: Line 230:
 
Google Hangout Event Page: https://plus.google.com/events/cnn1ktp90jsrcdlsm567hjlkbq4<br>
 
Google Hangout Event Page: https://plus.google.com/events/cnn1ktp90jsrcdlsm567hjlkbq4<br>
 
Youtube link: http://www.youtube.com/watch?v=iVLGskMZJSw
 
Youtube link: http://www.youtube.com/watch?v=iVLGskMZJSw
 +
<br>
  
 
+
=== Thursday, Dec 18, 2014 - Visit the SWAMP ===
=== Thursday, Dec 18, 2014 - '''Visit the SWAMP''' ===
 
  
 
'''Presenter''': SWAP Leadership Team <br>
 
'''Presenter''': SWAP Leadership Team <br>
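Review bot: The heading for this entry is "Visit the SWAMP", but the unchanged Presenter line directly below still reads "SWAP Leadership Team". Since the heading is being edited in this revision, correct the presenter name in the same pass if SWAMP is what was meant.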
Line 43: Line 241:
  
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
'''CPEs''': We've been asked about CPEs for those who have attended online.  At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort.  We're trusting our audience is an honest bunch, so if you join via the WebEx this month, shoot an email to zac dot fowler at owasp.org right after the event.  It would be good to include a line or two so we know you were listening.  We can add that to our meeting CPE roster for audit purposes.  Thanks for understanding!
+
'''CPEs''': We've been asked about CPEs for those who have attended online.  At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort.  We're trusting our audience is an honest bunch, so if you join via the WebEx this month, shoot an email to zac dot fowler at owasp.org right after the event.  It would be good to include a line or two so we know you were listening.  We can add that to our meeting CPE roster for audit purposes.  Thanks for understanding! <br>
'''WebEx Details'''
+
'''WebEx Details''': Screencap available soon. <br>
Screencap available soon.
 
 
SWAMP notes available at https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing
 
SWAMP notes available at https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing
 +
<br>
  
 
+
=== Wed Nov 19, 2014 - NEbraskaCERT CSF Joint Meeting - Security Q&A Panel ===
=== Wed Nov 19, 2014 - '''NEbraskaCERT CSF Joint Meeting - Security Q&A Panel''' ===
 
  
 
Hosted by NEbraskaCERT
 
Hosted by NEbraskaCERT
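Review bot: The merged line `'''WebEx Details''': Screencap available soon. <br>` carries a placeholder for a December 2014 meeting onto a page that now lists events through 2019. Link the recording if one exists, or drop the line rather than reformatting it.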
Line 73: Line 270:
  
 
Note #2: This is the last NEbraskaCERT event for the year.  They'll be taking December off as usual.  NEbraskaCERT regular meetings will continue to be held on the third Wednesday of each month, starting again in the new year.  
 
Note #2: This is the last NEbraskaCERT event for the year.  They'll be taking December off as usual.  NEbraskaCERT regular meetings will continue to be held on the third Wednesday of each month, starting again in the new year.  
 +
<br>
  
 
+
=== Thu Oct 9, 2014 - Securing Android: Tips from a First-Time Builder and OWASP Put to the Test ===
=== Thu Oct 9, 2014 - '''Securing Android: Tips from a First-Time Builder and OWASP Put to the Test''' ===
 
  
 
'''Presenter''': Zac Fowler, UNO's College of Information Science and Technology <br>
 
'''Presenter''': Zac Fowler, UNO's College of Information Science and Technology <br>
Line 83: Line 280:
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  <br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
'''RSVP for Food Counts''': https://www.eventbrite.com/e/securing-android-tips-from-a-first-time-builder-and-owasp-put-to-the-test-tickets-13407611527'''<br>
+
'''RSVP for Food Counts''': https://www.eventbrite.com/e/securing-android-tips-from-a-first-time-builder-and-owasp-put-to-the-test-tickets-13407611527'''<br>'''
 
'''Lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  <br>
 
'''Lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  <br>
 
'''Slides''': Presentation materials can be found here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing<br>
 
'''Slides''': Presentation materials can be found here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing<br>
 
'''Video''': Video for the event can be found here: http://youtu.be/6LsxjRPAogM?t=7m59s
 
'''Video''': Video for the event can be found here: http://youtu.be/6LsxjRPAogM?t=7m59s
 
+
<br>
 
 
=== Thu June 12, 2014 - '''OWASP in Payment Card Security:  Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6''' ===
+
=== Thu June 12, 2014 - OWASP in Payment Card Security:  Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6 ===
  
'''Presenter''': Rob Temple, Joel vanBrandwijk, and Ryan Misek from Mutual of Omaha
+
'''Presenter''': Rob Temple, Joel vanBrandwijk, and Ryan Misek from Mutual of Omaha <br>
 
'''Description''': Data breaches and payment card compromises are more frequent, high-profile, and damaging.  The every day consumer has been hit by large data breaches at Target, Michaels, and Aaron Brothers, among others.  People all around us can testify to the effects of millions of credit cards in the wrong hands.  It has become commonplace.  
 
'''Description''': Data breaches and payment card compromises are more frequent, high-profile, and damaging.  The every day consumer has been hit by large data breaches at Target, Michaels, and Aaron Brothers, among others.  People all around us can testify to the effects of millions of credit cards in the wrong hands.  It has become commonplace.  
  
Line 100: Line 297:
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room **164**.  <br>
 
'''Location''': The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room **164**.  <br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
'''RSVP for Food Counts''': https://www.eventbrite.com/e/owasp-in-payment-card-security-secure-coding-owasp-pci-30-dss-req-6-tickets-11741110979'''<br>
+
'''RSVP for Food Counts''': https://www.eventbrite.com/e/owasp-in-payment-card-security-secure-coding-owasp-pci-30-dss-req-6-tickets-11741110979'''<br>'''
 
'''Parking and lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  Contact zac dot fowler at owasp dot org if you need a parking pass.<br>
 
'''Parking and lunch''': Pizza will be provided by the College of IS&T (so please RSVP).  Contact zac dot fowler at owasp dot org if you need a parking pass.<br>
 
'''Google+ Hangout''': Watch the video here: https://www.youtube.com/watch?v=oe2ngtR2mJU
 
'''Google+ Hangout''': Watch the video here: https://www.youtube.com/watch?v=oe2ngtR2mJU
  
 
Slides available here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing
 
Slides available here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing
 +
<br>
  
 +
=== Sat Mar 29 2014 - Web Application Security - So many tools, so little time Redux===
  
=== Sat Mar 29 2014 - '''Web Application Security - So many tools, so little time Redux'''===
+
'''Presenter''': John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group <br>
 
 
'''Presenter''': John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
 
 
'''Description''': This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.
 
'''Description''': This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.
  
 
John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska <br>
 
John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska <br>
'''Location''': Nebraska Code Camp 2014
+
'''Location''': Nebraska Code Camp 2014 <br>
 
'''Note''': This is a talk at the Nebraska Code Camp - http://nebraskacodecamp.com
 
'''Note''': This is a talk at the Nebraska Code Camp - http://nebraskacodecamp.com
 +
<br>
  
 +
===  Thu Mar 13, 2014 - Vetting Third Party Vendor Applications ===
  
=== Thu Dec 5, 2013 - '''Mobile Application Security Assessments''' ===
+
'''Presenter''': John Rogers<br>
 
+
'''Description''': This presentation will discuss how to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities.  The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.
'''Presenter''': Michael Born, Solutionary
 
'''Description''': As the world becomes increasingly more 'connected', our digital lives get transmitted through various types of applications including mobile devices. Besides that, the bring your own device debate among security professionals within corporate enterprise environments, maintaining confidentiality, availability, and integrity of data transmitted through these devices must be a continued focus of the security community.
 
 
 
In this presentation, Michael Born, an Associate Security Consultant with Solutionary will walk through a step by step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael along with a hands on walk through of a Jailbroken iOS device file system.
 
 
 
<p>Check out a warm-up video at our youtube channel: http://www.youtube.com/watch?v=VRnj816ec-8. This video walks through some set up step so that we're on the same page for the presentation!</p>
 
<br/>-Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 279.  12:00 - 1:00 PM. The room will open at 11:45AM.
 
<br/>-Pizza will be provided on a first-come first-serve basis
 
<br/>-UNO has open parking that week, so you will not need to worry about obtaining a pass.
 
 
 
RSVP on EventBrite</b> at http://www.eventbrite.com/e/mobile-application-security-assessments-tickets-9326244047?aff=eorg
 
 
 
 
 
===  Thu Mar 13, 2014 - '''Vetting Third Party Vendor Applications''' ===
 
 
 
Presenter: John Rogers<br>
 
This presentation will discuss how to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities.  The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.
 
 
<br>
 
<br>
<bR>
 
 
John will hit points covering:
 
John will hit points covering:
 
<br>
 
<br>
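Review bot: The Location context line for the June 12, 2014 entry marks the room as `Room **164**`, and MediaWiki renders those asterisks literally instead of as emphasis. While the surrounding labels are being normalised, change it to `'''164'''` or remove the emphasis.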
Line 144: Line 325:
 
- 3rd Party Vendor Application Security Standards
 
- 3rd Party Vendor Application Security Standards
  
'''Location''': -Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 350. <br>
+
'''Location''': -Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 350. <br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
'''Time''': 12:00 - 1:00 PM. The room will open at 11:45AM.<br>
 
+
'''RSVP''': EventBrite at https://www.eventbrite.com/e/vetting-third-party-vendor-applications-tickets-9617944531 <br>
<b>RSVP on EventBrite</b> at https://www.eventbrite.com/e/vetting-third-party-vendor-applications-tickets-9617944531 </b>
+
'''Parking''': Email [email protected] for a parking pass for the talk.  **A copy was attached on the reminder sent to OWASP Omaha mailing list -- check your inbox. <br>
 
 
'''Parking''': Email [email protected] for a parking pass for the talk.  **A copy was attached on the reminder sent to OWASP Omaha mailing list -- check your inbox.
 
 
 
 
'''Screencast''': Google+ Hangout link will be posted prior to start via OWASP Omaha mailing list and twitter feed.  Here's the link: http://youtu.be/Z5gcT53Wydc
 
'''Screencast''': Google+ Hangout link will be posted prior to start via OWASP Omaha mailing list and twitter feed.  Here's the link: http://youtu.be/Z5gcT53Wydc
 
 
""Files"": You can download the files from this presentation here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing
 
""Files"": You can download the files from this presentation here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing
 +
<br>
  
 +
=== Thu Dec 5, 2013 - Mobile Application Security Assessments ===
  
=== Thu Sep 12, 2013 - '''The OWASP Way: Understanding the OWASP Vision and the Top Ten''' ===
+
'''Presenter''': Michael Born, Solutionary <br>
 +
'''Description''': As the world becomes increasingly more 'connected', our digital lives get transmitted through various types of applications including mobile devices. Besides that, the bring your own device debate among security professionals within corporate enterprise environments, maintaining confidentiality, availability, and integrity of data transmitted through these devices must be a continued focus of the security community.
  
<br/>Presenter, Scott Christiansen, Software Security Engineer, TD Ameritrade
+
In this presentation, Michael Born, an Associate Security Consultant with Solutionary will walk through a step by step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael along with a hands on walk through of a Jailbroken iOS device file system.
  
<p>
+
<p>Check out a warm-up video at our youtube channel: http://www.youtube.com/watch?v=VRnj816ec-8. This video walks through some set up step so that we're on the same page for the presentation!</p>
Scott a Software Security Engineer for TD Ameritrade.  In this role he provides static and dynamic application assessments for over 250 TD Ameritrade front end, back end and mobile applications.  Prior to this Scott was the Lead Analyst for TD Ameritrade’s Security Event Center which coordinates incident response within TD Ameritrade.  In addition to this Scott is also an Adjunct Instructor for ITT Technical Institute’s Bachelors of Information Security program, and an adjunct Professor for Bellevue University’s Masters of Cyber Security Program.  Prior to his current role with Scott was the Chief Security Officer for the Leo A Daly Company.  Scott is also a Past President of Nebraska InfraGard, and a graduate of the FBI Citizen’s Academy.  Scott received his Bachelor’s Degree in 2003 from Bellevue University in Business Information Systems and his Master’s Degree from the University of Nebraska Omaha in the Management of Information Systems.  Upon Graduation Scott was the recipient of the 2007-2008 Outstanding Graduate Student in Information Systems & Quantitative Analysis.  Scott is a current CISSP holder in addition to numerous other certification’s from CompTIA and Microsoft.
+
<br />-Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 279. 12:00 - 1:00 PM. The room will open at 11:45AM.
 
+
<br />-Pizza will be provided on a first-come first-serve basis
</p>
+
<br />-UNO has open parking that week, so you will not need to worry about obtaining a pass.
  
Time & Location: Thursday, Sept 12th, 12PM.  TriPointe Coffeehouse, http://tripointecoffeehouse.com/, 138 N. Washington Street  Papillion, NE 68046
+
RSVP on EventBrite at http://www.eventbrite.com/e/mobile-application-security-assessments-tickets-9326244047?aff=eorg<br>
  
[https://www.owasp.org/images/4/40/OWASP_Vision_and_Top_Ten_-_Sept_12_-_Scott_Christiansen.pptx Download Scott's Slides]
+
=== Thu Sep 12, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten ===
  
 +
'''Presenter''': Scott Christiansen, Software Security Engineer, TD Ameritrade <br>
 +
'''Description''': Scott a Software Security Engineer for TD Ameritrade.  In this role he provides static and dynamic application assessments for over 250 TD Ameritrade front end, back end and mobile applications.  Prior to this Scott was the Lead Analyst for TD Ameritrade’s Security Event Center which coordinates incident response within TD Ameritrade.  In addition to this Scott is also an Adjunct Instructor for ITT Technical Institute’s Bachelors of Information Security program, and an adjunct Professor for Bellevue University’s Masters of Cyber Security Program.  Prior to his current role with Scott was the Chief Security Officer for the Leo A Daly Company.  Scott is also a Past President of Nebraska InfraGard, and a graduate of the FBI Citizen’s Academy.  Scott received his Bachelor’s Degree in 2003 from Bellevue University in Business Information Systems and his Master’s Degree from the University of Nebraska Omaha in the Management of Information Systems.  Upon Graduation Scott was the recipient of the 2007-2008 Outstanding Graduate Student in Information Systems & Quantitative Analysis.  Scott is a current CISSP holder in addition to numerous other certification’s from CompTIA and Microsoft. <br>
  
=== Thu Jun 6, 2013 - '''Web Application Security - So many tools, so little time'''===
+
Time & Location: Thursday, Sept 12th, 12PM.  TriPointe Coffeehouse, http://tripointecoffeehouse.com/, 138 N. Washington Street  Papillion, NE 68046
 +
[https://www.owasp.org/images/4/40/OWASP_Vision_and_Top_Ten_-_Sept_12_-_Scott_Christiansen.pptx Download Scott's Slides]<br>
  
<br/>Presenter, John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
+
=== Thu Jun 6, 2013 - Web Application Security - So many tools, so little time===
  
This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.
+
'''Presenter''': John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group <br>
 +
'''Description''': This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.
  
John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska
+
John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group.  Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc.  John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries.  John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska <br>
  
 
Time & Location: Thursday, June 6, 12PM.  Peter Kiewit Institute, Room 279.  (67th and Pacific in Omaha)
 
Time & Location: Thursday, June 6, 12PM.  Peter Kiewit Institute, Room 279.  (67th and Pacific in Omaha)
RSVP and view more details on our EventBrite page: https://www.eventbrite.com/event/6952516163
+
RSVP and view more details on our EventBrite page: https://www.eventbrite.com/event/6952516163<br>
 
 
 
 
=== Thu Mar 7, 2013 - '''Welcome to OWASP Omaha!''' ===
+
=== Thu Mar 7, 2013 - Welcome to OWASP Omaha! ===
 
 
<br/>-Presenters, OWASP Omaha Chapter Leadership
 
<br/>-Thursday, March 7th, 12:00 noon - 1:00 P.M., Bellevue University
 
<br/>-Durham Student Center (building #6). Park in Lot D.  Check out the map here: [http://www.bellevue.edu/about/content/images/map-of-main-campus.jpg]. 
 
<br/>-Meet the chapter leaders and learn more about OWASP Omaha
 
<br/>
 
  
 +
'''Presenters''': OWASP Omaha Chapter Leadership <br>
 +
'''Description''': Meet the chapter leaders and learn more about OWASP Omaha <br>
 +
'''Date & Time''': Thursday, March 7th, 12:00 noon - 1:00 P.M. <br>
 +
'''Location''': Bellevue University: Durham Student Center (building #6). Park in Lot D.  Check out the map here: [http://www.bellevue.edu/about/content/images/map-of-main-campus.jpg]. <br>
  
 
== Upcoming Events ==
 
== Upcoming Events ==
  
 
+
'''Q4, 2019 - Next Chapter Meeting TBD'''
  
 
[[Category:Nebraska]]
 
[[Category:Nebraska]]
  
 
[[Category:OWASP Chapter|Omaha]]
 
[[Category:OWASP Chapter|Omaha]]
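Review bot: the unchanged context line `""Files"": You can download the files from this presentation here: ...` in the Mar 13, 2014 entry uses doubled double quotes where the other labels in that entry are bolded with triple apostrophes, so it renders as literal ""Files"" and, in the rendered page, runs on from the Screencast line. This revision already normalises the neighbouring labels (RSVP becomes '''RSVP''':, Parking gains a trailing <br>), so change this one to '''Files''': and end the Screencast line with <br> in the same pass. The '''Location''': line of the same entry also keeps a stray leading "-" before "Peter Kiewit Institute" that could be dropped.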

Latest revision as of 16:34, 22 November 2019

OWASP Omaha

Welcome to the Omaha chapter homepage. The chapter leaders are Michael Born, Dave Pinos, John Rogers, Zac Fowler, Rob Temple, Fred Donovan, and Justin Williams.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Chapter Meetings

Everyone is welcome to join us at our chapter meetings!

Follow us on Twitter! https://www.twitter.com/owaspomaha

Once a quarter, we combine our meeting with the monthly DC402 group meeting, which occurs on the second Tuesday of the month.


Next Chapter Meeting

Nov 12, 2019 - ELF Binary Analysis Introduction (combined meeting with DC402)

Presenter: Michael Born

Description:

Michael will walk us through a beginner-friendly lesson on analyzing 64-bit ELF binaries on Linux using built-in command line tools and debuggers like the GNU Debugger and EDB, and will discuss the ELF Specification on 64-bit operating systems. During the talk, Michael will go over how to safely alter a malicious binary for dynamic analysis tasks, and will walk the audience through analyzing the disassembled binary. If you come early, and bring your own book, Michael will sign a copy of his new book. https://www.amazon.com/Binary-Analysis-Cookbook-Actionable-disassembling-ebook/dp/B07XYVJ3LN/ref=sr_1_3

Location: DJ's Dugout, 777 N 114th St, Omaha, NE 68154

CPEs: This presentation will count as 1 hour of CPEs.

Notes: This event will be a pay as you go for food and beverage. Please don't forget to close your tab at the end of the meeting.

Past Events / Presentations

Aug 24, 2018 - Exploiting CORS and Beyond

Presenter: Adam Schaal

Description:

CORS. What is it good for? Absolutely nothing. In this OWASP discussion, we will cover what CORS is, why it is used in a lot of places today, and why it's a terrible, no-good, very bad thing in production. We will cover how to manually detect weak CORS policies and how to exploit said policies.

Parking: UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the building. 

Lunch: Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.

Room: We will be using PKI 279 for the talk. Doors will open at 11:45 AM

CPEs: This presentation will count as 1 hour of CPEs.

Streaming / Archive: We do not have plans to stream this session.

Signup / RSVP: https://www.eventbrite.com/e/owasp-omaha-exploiting-cors-and-beyond-tickets-48877631311

May 18, 2018 - A no-nonsense look at applying machine learning to your WAF logs

Presenter: Heather Lawrence, NARI

Description:

About Heather: A naval nuclear veteran, Heather Lawrence is pursuing her PhD in Computer Engineering from the University of Nebraska Lincoln where she works as a cyber data scientist with the Nebraska Applied Research Institute (NARI). Her current projects involve darknet marketplace data mining, adversarial machine learning, and anomaly detection. She serves the community as a B-Sides Orlando organizer, Defcon security goon, and tech meme connoisseur on Twitter.

Parking: UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the building.

Lunch: Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.

Room: We will be using PKI 279 for the talk. Doors will open at 11:45 AM

CPEs: This presentation will count as 1 hour of CPEs.

Streaming / Archive: We do not have plans to stream this session.

Signup / RSVP: https://www.eventbrite.com/e/owasp-omaha-a-no-nonsense-look-at-applying-machine-learning-to-your-waf-log-tickets-45386204359

February 16, 2018 - Deserialization attacks with the JS for the lulz

Presenter: Andy Freeborn, ACI Worldwide

Description: Deserialization attacks are a hot topic in security, but oftentimes these attacks seem like magic. Exploitation of these attacks tends to happen in complex systems that require knowledge in the setup of all the things. To help you better understand why and how these attacks work, we’re using an intentionally broken system with a quick and easy setup. We’ll cover everything to look for in your personal assessments.

Parking: UNO's campus has open parking on Fridays. There is no need for permits or passes if you park on the surface lots near the building.

Lunch: Lunch will be provided on a first come first serve basis. Please RSVP so we have a good count.

Room: We will be using PKI 279 for the talk. Doors will open at 11:45 AM

CPEs: This presentation will count as 1 hour of CPEs.

Streaming / Archive: We do not have plans to stream this session.

Signup / RSVP: https://www.eventbrite.com/e/owasp-omaha-deserialization-attacks-with-the-js-for-the-lulz-tickets-43002182686

Presentation Files: https://drive.google.com/drive/folders/1tLk6L4m3Lb_dxkcahn5NYXSfU4oyJMdL?usp=sharing

October, October 20, 2017

Presenter: Mike Douglas, Deliveron

Description: Continuous Security Validation - Transformation from afterthought to continuously validating security every step of the process. See how we are using security at every step including automated pen tests with each check in using VSTS and OWASP ZAP docker containers in a CI/CD pipeline.

Slides: https://drive.google.com/drive/folders/0B4t_HSHrO2GxaHRuc2VtVkFTTUk?usp=sharing

September, September 21, 2017

Where: DJ's Dugout, 777 N 114th St, Omaha, NE 68154

When: Thursday, September 21, 2017 from 3:30 PM to 5:00 PM

Thur August 25, 2017 - Single Sign-On Security

Presenter: Joel Gunderson, Union Pacific
Description: Joel will present on Single Sign-On Security from his perspective as a red team member at Union Pacific. Joel will focus specifically on SAML.

Presentation: https://drive.google.com/file/d/0B8UHsn2i5kmGb0JBSGVxOGZtV0tnbUpFZWgwMTkxUnp5dkVR/view?usp=sharing

Thur June 15, 2017 - IREM Nebraska Membership Lunch Talk

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: John will present on Cyber Security topics for Real Estate Professionals

Presentations: https://drive.google.com/file/d/0Bw2xJWT-Q7YKazIycmFpQXBmQW8/view?usp=sharing

Wed May 24, 2017 - OWASP Presentations - Lightning Talks

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: John will present on a Framework for performing Enterprise Application Security Assessments

Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Michael will present on an Intro to Kali Linux

Presentations: John Rogers: https://drive.google.com/file/d/0Bw2xJWT-Q7YKVEFvZC1mTHdsbTQ/view?usp=sharing

Wed Mar 22, 2017 - OWASP Presentations - Lightning Talks

Presenter: Justin Williams, American Title, OWASP Omaha
Description: Justin will present on deobfuscating VB macro based malware.

Presenter: Michael Born, NTT Security (US), Inc., OWASP Omaha
Description: Michael will present on dissecting unknown shellcode

Presentations: https://drive.google.com/open?id=0B4t_HSHrO2GxZC1sVzJZcGlqbXc

Thur Feb 16, 2017 - ISACA Omaha Chapter Lunch Talk

Presenter: John Rogers, Lincoln Financial, OWASP Omaha
Description: John will present on Vendor Security Assessments

Presentations: https://drive.google.com/file/d/0Bw2xJWT-Q7YKZlhVZVNHUERobDQ/view?usp=sharing

Fri Dec 9, 2016 - OWASP Presentations - Lightning Talks

Presenter: Andrew Freeborn, Tenable
Description: Andrew will present on research he's been doing using SWAMP.

Presenter: John Rogers, Lincoln Financial Group (LFG)
Description: John will present on Automating ZAP with Python and Jenkins.

Presenter: Michael Born, NTT Security (US), Inc.
Description: Michael will present on lessons learned while teaching classes at OWASP AppSec conferences.

Presentations: https://drive.google.com/open?id=0B4t_HSHrO2Gxcm1nOUtPRG5wVmc

Thur Sep 29, 2016 - OWASP Presentations - Nebraska Cyber Security Conference

Presenter: John Rogers, LFG
Description: John Rogers will give a presentation that introduces OWASP and discusses the requirements and pitfalls of vendor security assessments.
Presentation: https://drive.google.com/open?id=0Bw2xJWT-Q7YKSE5tekVMelBlY3c

Presenter: Justin Williams, American Title
Description: Justin Williams of American Title Inc. will give a warm up on Powershell for the sysadmin and future pen-tester, including a demo on obtaining a reverse shell. Justin has a background in systems administration and works for American Title as a Security Analyst.
Presentation: https://drive.google.com/open?id=0B2ZXN-dDkIy0MERyZFExNDBJOFE

Presenter: Ron Woerner, Bellevue University
Description: Ron Woerner will discuss and demo common tools used in cybersecurity assessments, investigations, and administration. Ron Woerner is a professor of cybersecurity studies at Bellevue University working to prepare future professionals for the security industry.
Presentation: https://drive.google.com/drive/folders/0BzwQjnDmptwfYU9TS2VBS3VqZ28

Tues Aug 18, 2016 - Chapter Meeting - Powershell

Presenter: Justin Williams, American Title
Description: Justin Williams of American Title Inc. will give a warm up on Powershell for the sysadmin and future pen-tester, including a demo on obtaining a reverse shell. Justin has a background in systems administration and works for American Title as a Security Analyst.

Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/chapter-meeting-powershell-tickets-27105181327
Lunch: Lunch will be provided by the College of IS&T (so please RSVP).
Parking: Free and open parking at UNO during this event.
CPEs: This lab will count as 1-hr of credit. Please be sure to sign in when you arrive.
Streaming: No plans to stream this meeting.
Presentation: https://drive.google.com/folderview?id=0B4t_HSHrO2GxQ0xpTXRuQUxraVU

Tues Nov 17, 2015 - Chapter Meeting - Offensive Python - Hands-On Lab

Presenter: Michael Born, Solutionary
Description: OWASP Omaha's own Michael Born gave a technical workshop at AppSec 2015 on Offensive Python. He will be bringing that presentation back to Omaha as a hands-on lab for a November chapter meeting.

Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 276.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/chapter-meeting-offensive-python-hands-on-lab-tickets-19321744859
Lunch: Lunch will be provided by the College of IS&T (so please RSVP).
Parking: Visitors display the parking pass and park in Lot 4 - the Faculty lot on the south side of the PKI building. Email [email protected] for the pass if you did not receive it via our mailing list.
Lab Environment: Guests are asked to bring a laptop pre-loaded with the lab VM and a Kali VM configured for a host-only environment.
Download lab materials here https://drive.google.com/folderview?id=0B4t_HSHrO2GxYTFydnRneTJwLWs&usp=sharing
CPEs: This lab will count as 1-hr of credit. Please be sure to sign in when you arrive.
Streaming: View the video here: https://www.youtube.com/watch?v=a6_kCzQ3Yyg

Thursday, October 29, 2015 - OWASP / ISC2 Networking Event

Description: Come on out and join OWASP and ISC2 together to share stories and network in our local AppSec community! Solutionary will sponsor some food and drink for the meeting, too!
Location: Scriptown, 3922 Farnam St, Omaha, NE 68131
Time: 4-7PM
RSVP for counts at EventBrite: https://www.eventbrite.com/e/owasp-isc2-networking-event-tickets-18863480177

Wednesday, October 14, 2015 - OWASP Soup to Nuts - UNL: National Cyber Security Awareness Month

Presenters: John Rogers CISSP GWAPT GSSP-JAVA: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Welcome to OWASP! This presentation is an introduction to OWASP- its mission, some of its projects, and upcoming local chapter meetings.
Location: University of Nebraska-Lincoln: City Campus Union: Regency A Room
Time: 11:30 AM - 12:30 PM (1 Hour)
Event Link: http://its.unl.edu/security/national-cyber-security-month
Presentation: https://drive.google.com/a/owasp.org/file/d/0Bw2xJWT-Q7YKTmtPd001V2QxUEU/view?usp=sharing

Wednesday, September 30, 2015 - OWASP Soup to Nuts - OCIO Presentation

Presenters: John Rogers: Lincoln Financial Group, Zac Fowler: University of Nebraska at Omaha
Description: Welcome to OWASP! This presentation is an introduction to OWASP- its mission, some of its projects, and upcoming local chapter meetings.
Location: Nebraska Cyber Security Conference, hosted by the NE Office of the CIO; Southeast Community College, Lincoln NE
Time: 1:45 PM breakout session.
Presentation: https://drive.google.com/a/owasp.org/folderview?id=0B4t_HSHrO2GxRXAzbDhybE5vZXc&usp=sharing

Thursday, April 30, 2015 - Web Services Testing Cheat Sheet

Presenter: Michael Born: Lincoln Financial Group
Description: Michael will introduce and walk us through a new Web Service Testing Cheat Sheet he is developing for the chapter. He will address the pre-assessment, information gathering, testing, and summary phases, while sharing tools and tips for each. Learn some best practices and things to avoid while testing your home-grown or vendor produced web services.
Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
Parking: Contact zac dot fowler at owasp dot org if you need a temporary parking pass for UNO's campus.
RSVP for Food Counts: https://www.eventbrite.com/e/intro-to-a-new-web-services-testing-cheat-sheet-tickets-16714902724
Lunch: Pizza will be provided by the College of IS&T (so please RSVP).
CPEs: We've been asked about CPEs for those who have attended online. At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort. We're trusting our audience is an honest bunch, so if you join via the Hangout this month, shoot an email to zac dot fowler at owasp.org right after the event. It would be good to include a line or two so we know you were listening. We can add that to our meeting CPE roster for audit purposes. Thanks for understanding!
Hangout Details Google Hangout Event Page: https://plus.google.com/events/cnn1ktp90jsrcdlsm567hjlkbq4
Youtube link: http://www.youtube.com/watch?v=iVLGskMZJSw

Thursday, Dec 18, 2014 - Visit the SWAMP

Presenter: SWAMP Leadership Team
Description: The Software Assurance Marketplace (SWAMP) is an open initiative that brings together goals for advancing the quality and adoption rate of security software tools, lowering thresholds for use, and making their output easier to interpret, by creating a repository of tools and resources for all. During this chapter meeting we will be providing an introduction of SWAMP by its leaders via live WebEx, followed by a discussion about the marketplace and how we could all benefit.

From the SWAMP website: "Researchers who develop new software assurance tools and methodologies will use the repositories and cyberinfrastructure offered by the marketplace to improve their technologies and tools, while software developers and adopters will use the same services to hunt for vulnerabilities in their software. Educators will use these services to offer hands-on experience in software assurance techniques to their students."

Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
CPEs: We've been asked about CPEs for those who have attended online. At this time we (as a chapter) don't have a mechanism to validate CPEs while you watch remotely without extra effort. We're trusting our audience is an honest bunch, so if you join via the WebEx this month, shoot an email to zac dot fowler at owasp.org right after the event. It would be good to include a line or two so we know you were listening. We can add that to our meeting CPE roster for audit purposes. Thanks for understanding!
WebEx Details: Screencap available soon.
SWAMP notes available at https://docs.google.com/document/d/1zew3VdaIFWxYolj8qO3Rg5IKxp_pPBqFZNC1zpFfxAw/edit?usp=sharing

Wed Nov 19, 2014 - NEbraskaCERT CSF Joint Meeting - Security Q&A Panel

Hosted by NEbraskaCERT

Every November for the last several years NEbraskaCERT & ISACA Omaha have hosted a joint meeting which is a Security Panel Q & A. This year Omaha OWASP is going to be joining in as well. These are always a fun way to finish out the year and are a great chance to see some people we don't see very often.

Join us for this special November joint meeting, where you will be able to interact with a panel of local security professionals. Lunch is provided (please RSVP), and CPEs are available. This meeting will not be streamed, so hope to see you in person!

Panelists:

     Sharon Welna - Information Security Officer at UNMC
     Vlad Liska - Director of Operational Risk & Controls TD Ameritrade
     Chet Uber - Director Project Vigilant LLC
     Waton, Larry - Information Security Officer - First Data Technologies
     Gary Sparks - Faculty Metropolitan Community College
     *Panel is subject to change; alternates are on standby.

Location: Johnny's Cafe, 4702 South 27th Street, Omaha, NE
Time: 11:30 AM - 1:00 PM
RSVP / Lunch / CPE: Provided, so please RSVP to csfrsvp "at" NEbraskaCERT.org and provide name, company, phone and email address by Close Of Business Monday, November 17th
More Information: http://www.nebraskacert.org/CSF/

Note #1: If you need a **CPE** form please let us know when you RSVP.

Note #2: This is the last NEbraskaCERT event for the year. They'll be taking December off as usual. NEbraskaCERT regular meetings will continue to be held on the third Wednesday of each month, starting again in the new year.

Thu Oct 9, 2014 - Securing Android: Tips from a First-Time Builder and OWASP Put to the Test

Presenter: Zac Fowler, UNO's College of Information Science and Technology
Description: As a web developer, jumping over to building for mobile platforms like Android and iOS is a very attractive option. The worlds aren't all that far apart from each other. You may have tried it yourself. What are the security implications that you should think about, jumping over from a web-based world to a native platform for the first time? Join Zac Fowler as he walks through his experience building an Android app, then applies the OWASP Mobile Top Ten and feedback from experienced Breakers to the project. Zac will go over common app use cases such as local storage and API communication, pitfalls he found, as well as remediations for first-timers. To close, he will share how the steps he used can be applied to (almost) any project, and how OWASP plays a role in incrementally improving the way you approach security.

Zac Fowler is a developer and project manager at UNO's College of Information Science and Technology, in charge of a student development group known as the IS&T Attic. He has been programming for the web since the late 90s and loves learning new technologies. Zac currently serves as a co-leader of the OWASP Omaha chapter.
Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room 279.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/securing-android-tips-from-a-first-time-builder-and-owasp-put-to-the-test-tickets-13407611527
Lunch: Pizza will be provided by the College of IS&T (so please RSVP).
Slides: Presentation materials can be found here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxeGxaTmhRdDNISGc&usp=sharing
Video: Video for the event can be found here: http://youtu.be/6LsxjRPAogM?t=7m59s

Thu June 12, 2014 - OWASP in Payment Card Security: Secure Coding, OWASP, and PCI 3.0 DSS Requirement 6

Presenter: Rob Temple, Joel vanBrandwijk, and Ryan Misek from Mutual of Omaha
Description: Data breaches and payment card compromises are more frequent, high-profile, and damaging. The everyday consumer has been hit by large data breaches at Target, Michaels, and Aaron Brothers, among others. People all around us can testify to the effects of millions of credit cards in the wrong hands. It has become commonplace.

The PCI Security Standards Council (PCI SSC) has recently released a new and improved set of requirements and standards for any organization that processes, transmits, or stores payment card data. PCI DSS' infamous Requirement 6 focuses on secure systems and applications, including secure coding and web application firewalls. OWASP has been noted in the PCI DSS as a trusted resource for secure coding and application vulnerability management. Join us for our next OWASP Omaha chapter meeting as we explore some of these resources and discuss ways that OWASP can help meet this requirement.

Rob Temple is an information security analyst with Mutual of Omaha. He has been a software solutions developer for over 15 years working primarily with the .NET/Java languages. His recent web app projects include security based tools in the identity management space. Prior to Mutual of Omaha, Rob worked as an infosec consultant, performing PCI DSS and HIPAA security assessments for financial institutions and higher education organizations. He also has experience with web application pentesting and appsec consulting. Rob initiated the reactivation of the OWASP Omaha Chapter with the encouragement of OWASP Executive Director, Sarah Baso in 2011. He currently serves as a member of the leadership team.

Location: The Peter Kiewit Institute, Univ. of Nebraska at Omaha's Pacific Street Campus, 1110 S. 67th Street, Omaha, NE 68182, Room **164**.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP for Food Counts: https://www.eventbrite.com/e/owasp-in-payment-card-security-secure-coding-owasp-pci-30-dss-req-6-tickets-11741110979
Parking and lunch: Pizza will be provided by the College of IS&T (so please RSVP). Contact zac dot fowler at owasp dot org if you need a parking pass.
Google+ Hangout: Watch the video here: https://www.youtube.com/watch?v=oe2ngtR2mJU

Slides available here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxRHpDc2tGZ2szZUk&usp=sharing

Sat Mar 29 2014 - Web Application Security - So many tools, so little time Redux

Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.

John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group. Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc. John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries. John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska.
Location: Nebraska Code Camp 2014
Note: This is a talk at the Nebraska Code Camp - http://nebraskacodecamp.com

Thu Mar 13, 2014 - Vetting Third Party Vendor Applications

Presenter: John Rogers
Description: This presentation will discuss how to acquire and validate information that will provide assurance that your third party vendor applications adhere to your standards and are free from the common web application vulnerabilities. The discussion will also include what basic requirements are needed to accept a web application security assessment report from an independent security assessment firm.
John will hit points covering:
- 3rd Party Vendor Assessment Requirements
- 3rd Party Vendor Assessment Public Facing Document
- 3rd Party Vendor Application Security Standards

Location: Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 350.
Time: 12:00 - 1:00 PM. The room will open at 11:45AM.
RSVP: EventBrite at https://www.eventbrite.com/e/vetting-third-party-vendor-applications-tickets-9617944531
Parking: Email [email protected] for a parking pass for the talk. A copy was attached to the reminder sent to the OWASP Omaha mailing list -- check your inbox.
Screencast: Google+ Hangout link will be posted prior to start via the OWASP Omaha mailing list and Twitter feed. Here's the link: http://youtu.be/Z5gcT53Wydc
Files: You can download the files from this presentation here: https://drive.google.com/folderview?id=0B4t_HSHrO2GxZ1N6OUxVYXE2Q2M&usp=sharing

Thu Dec 5, 2013 - Mobile Application Security Assessments

Presenter: Michael Born, Solutionary
Description: As the world becomes increasingly 'connected', our digital lives get transmitted through various types of applications, including mobile devices. Beyond the bring-your-own-device debate among security professionals within corporate enterprise environments, maintaining the confidentiality, availability, and integrity of data transmitted through these devices must be a continued focus of the security community.

In this presentation, Michael Born, an Associate Security Consultant with Solutionary, will walk through a step-by-step demonstration of setting up and performing a mobile application security assessment on both Android and iOS. Included in the presentation will be an example iOS Security Assessment performed by Michael, along with a hands-on walkthrough of a jailbroken iOS device file system.

Check out a warm-up video at our YouTube channel: http://www.youtube.com/watch?v=VRnj816ec-8. This video walks through some setup steps so that we're on the same page for the presentation!


-Peter Kiewit Institute, 1110 S. 67th Street, Omaha, NE 68182, Room 279. 12:00 - 1:00 PM. The room will open at 11:45AM.
-Pizza will be provided on a first-come first-serve basis
-UNO has open parking that week, so you will not need to worry about obtaining a pass.

RSVP on EventBrite at http://www.eventbrite.com/e/mobile-application-security-assessments-tickets-9326244047?aff=eorg

Thu Sep 12, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten

Presenter: Scott Christiansen, Software Security Engineer, TD Ameritrade
Description: Scott is a Software Security Engineer for TD Ameritrade. In this role he provides static and dynamic application assessments for over 250 TD Ameritrade front end, back end and mobile applications. Prior to this, Scott was the Lead Analyst for TD Ameritrade’s Security Event Center, which coordinates incident response within TD Ameritrade. In addition to this, Scott is also an Adjunct Instructor for ITT Technical Institute’s Bachelors of Information Security program, and an adjunct Professor for Bellevue University’s Masters of Cyber Security Program. Prior to his current role, Scott was the Chief Security Officer for the Leo A Daly Company. Scott is also a Past President of Nebraska InfraGard, and a graduate of the FBI Citizen’s Academy. Scott received his Bachelor’s Degree in 2003 from Bellevue University in Business Information Systems and his Master’s Degree from the University of Nebraska Omaha in the Management of Information Systems. Upon graduation, Scott was the recipient of the 2007-2008 Outstanding Graduate Student in Information Systems & Quantitative Analysis. Scott is a current CISSP holder in addition to numerous other certifications from CompTIA and Microsoft.

Time & Location: Thursday, Sept 12th, 12PM. TriPointe Coffeehouse, http://tripointecoffeehouse.com/, 138 N. Washington Street Papillion, NE 68046 Download Scott's Slides

Thu Jun 6, 2013 - Web Application Security - So many tools, so little time

Presenter: John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group
Description: This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.

John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group. Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc. John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries. John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska.

Time & Location: Thursday, June 6, 12PM. Peter Kiewit Institute, Room 279 (67th and Pacific in Omaha). RSVP and view more details on our EventBrite page: https://www.eventbrite.com/event/6952516163

Thu Mar 7, 2013 - Welcome to OWASP Omaha!

Presenters: OWASP Omaha Chapter Leadership
Description: Meet the chapter leaders and learn more about OWASP Omaha
Date & Time: Thursday, March 7th, 12:00 noon - 1:00 P.M.
Location: Bellevue University: Durham Student Center (building #6). Park in Lot D. Check out the map here: [1].

Upcoming Events

Q4, 2019 - Next Chapter Meeting TBD