|
|
(42 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
− | {{Chapter Template|chaptername=NY/NJ |extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-newjersey|emailarchives=http://lists.owasp.org/pipermail/owasp-newjersey}}
| + | = OWASP Northern New Jersey = |
| | | |
− | ==SEPTEMBER 6th MEETING==
| + | <h2>[https://www.meetup.com/owaspnycnj/ https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [https://www.meetup.com/owaspnycnj/ New Jersey Chapter] |
− | OWASP supports Global Security Week (Sept. 3rd-9th) [http://www.globalsecurityweek.com/index.html Click Here More Info...]. In local support of this worldwide effort, the next NY/NJ OWASP Chapter meeting will be on <b> <u>September 6th 5:30pm-9:00pm </u></b>
| |
− | | |
− | ===PRIMARY SPONSOR: [http://www.amex.com AMERICAN STOCK EXCHANGE]===
| |
− | Special thanks to: Doug Shin
| |
− | <b>Meeting Address:</b> 86 Trinity Place, NY NY 10006 ~ [http://tinyurl.com/2c5ohu Directions]
| |
− | | |
− | <b>Event coSponsors:</b> [http://signacert.com SIGNACERT] ~~ [http://www.ouncelabs.com OUNCE LABS] ~~ [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.fortifysoftware.com FORTIFY SOFTWARE]
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Financial Real-Time Threats: Impacting Trading Floor Operations </b>
| |
− | | |
− | This presentation will aim to illustrate how individual application or
| |
− | network layer threats, if combined correctly, can impact the workload
| |
− | between the “pit” and departments such as settlements, processing and
| |
− | accounting. Stemming from the lowest level of internal threat, systems on,
| |
− | or behind, trading floor operations can be manipulated in ways that might
| |
− | even go unnoticed. Such impact is possible due to the shear complexity of
| |
− | the enterprise applications used, as well as the ways in which they are
| |
− | inter-related.
| |
− | | |
− | TOPIC: <b>JBroFuzz: Effective Fuzzing for Network and Web Applications </b>
| |
− | | |
− | JBroFuzz is a stateless network protocol fuzzer that emerged from the
| |
− | needs of penetration testing. This presentation will aim to illustrate
| |
− | efficient ways of fuzzing in order to minimize the amount of time spent in
| |
− | discovering application and network protocol vulnerabilities.
| |
− | | |
− | SPEAKER: Dr. Yiannis Pavlosoglou is a Security Project Manager at
| |
− | [http://www.irmplc.com Information Risk Management]
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Stock fluctuation from an unrecognized influence. </b>
| |
− | | |
− | SPEAKER: Justine Bone-Aitel - [http://www.immunityinc.com Immunity Security]
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Hackers...BotNets oh My!</b> Obtain a briefing on the current BotNet investigations etc.
| |
− | | |
− | SPEAKER BIO: [http://newyork.fbi.gov/nyfohome.htm NYC FBI Cyber Crime Unit]
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Why today's vulnerability assessments are failing and a case for industry standardization</b>
| |
− | | |
− | As organizations mature their information security capabilities they start to extend their requirements to their partners and providers. Providing for the identification and management of information security issues are becoming part of contractual language. Vulnerability Assessment / ethical reports today are used today as one measurable data point to build a confidence in the status of other parties’ web applications and is generally an accepted set in due diligence. The challenge today is these Vulnerability Assessments are inconsistent in scope & rigor, and reported in a form that makes them incomparable between institutions. It is frequently impossible to understand what test design was used (black box/white box), what set of conditions were tested (OWASP top ten only, CVE, items found by common scanning tools, manually exercised conditions, etc) and how issues were rated for severity (CVSS, vendor provided, customer provided, etc). A similar problem existed with information security assessments of operational and physical security at outsourced service providers used by financial institutions and was address by developing an “agreed upon procedures” approach to outline common things needed by institutions so that assessments could be done once by a neutral party and then reused. This presentation, while not offering the complete answer for application security testing, will attempt to outline the components needed for such a solution.
| |
− | | |
− | SPEAKER BIO: Mark Clancy is Senior Vice President at [http://www.citigroup.com Citigroup]
| |
− | Mr. Clancy has 15 years experience in the information systems and information security industry. His responsibilities include management of technical content of the company’s information security polices and standards.
| |
− | | |
− | Prior to joining Citigroup Mr. Clancy was a consultant working with many fortune 500 companies on Information systems and Information security projects spanning the banking, insurance, pharmaceutical and manufacturing industry sectors. He holds a BS in Electrical Engineering from Drexel University and is a member of IEEE and ISSA and a participant in the FS-ISAC, BITS, FSTC, Financial Fortress Leadership Group, and Global Security Consortium.
| |
− | | |
− | --
| |
− | | |
− | TOPIC:
| |
− | <b>Blackhat/Defcon</b> - during this debriefing we will discuss many of the hot bleeding edge INFOSEC topics that were covered at the [http://www.blackhat.com Blackhat] & [http://www.defcon.org Defcon] event Aug 1st - Aug 5th. If you attended the event, look for your picture win a prize... if you missed this annual event, you will want to attend to get a briefing on the hot topics!!!
| |
− | | |
− | SPEAKER BIO:
| |
− | Tom Brennan, President OWASP NY/NJ Metro
| |
− | | |
− | --
| |
− | | |
− | TOPIC: <b>Global Security Week</b>
| |
− | What is the current state of Privacy on Web Application Security?
| |
− | What should we be focusing on?
| |
− | | |
− | Round-Table Panel - [http://www.globalsecurityweek.com/html/calendar.html GSW]
| |
− | | |
− | --
| |
− | | |
− | <center><b> Meetings are FREE and open to the PUBLIC - </b>[http://fs7.formsite.com/OWASP/form185804020/index.html RSVP IS REQUESTED] </center>
| |
− | | |
− | <hr>
| |
− | | |
− | ==OCTOBER 25th MEETING==
| |
− | Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event. <b> <u>October 25th 9:30am-4:30pm </u></b>
| |
− | | |
− | ===PRIMARY SPONSOR: [http://aboutus.vzw.com/aboutusoverview.html VERIZON WIRELESS]===
| |
− | Special thanks to: Philip Varughese
| |
− | <b>Meeting Address:</b> 295 N Maple Ave, Basking Ridge, NJ 07920 ~ [http://tinyurl.com/2vuh7f Directions]
| |
− | | |
− | <b>Event coSponsors:</b> [http://www.accessitgroup.com ACCESSIT] ~~ [http://www.cenzic.com CENZIC] | |
− | ~~ [http://www.archer-tech.com ARCHER TECHNOLOGIES] ~~ [http://www.intrepidusgroup.com INTREPIDUS GROUP] ~~ [http://www.mandiant.com MANDIANT]
| |
− | ---
| |
− | | |
− | TOPIC: <b>Keynote</b>
| |
− | | |
− | SPEAKER: Renato Delatorre, Verizon Wireless
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Social Engineering</b>
| |
− | | |
− | SPEAKER: Kevin Mitnick
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>ISO 27001 What is it... Why do you care?</b>
| |
− | | |
− | SPEAKER BIO: Mahi Dontamsetti
| |
− | | |
− | --
| |
− | | |
− | TOPIC: <b>VOIP - Can you hear me now?</b>
| |
− | | |
− | SPEAKER BIO: Paul Rohmeyer
| |
− | | |
− | --
| |
− | | |
− | | |
− | TOPIC: <b>Internet Fraud - War Stories</b>
| |
− | | |
− | SPEAKER BIO: Mike Esposito
| |
− | | |
− | ---
| |
− | | |
− | TOPIC: <b>Dig Your Own Hole: 12 Ways to Go Wrong with Java Security</b>
| |
− | | |
− | SPEAKER BIO: Richard Bowen
| |
− | | |
− | --
| |
− | | |
− | TOPIC: IMS = Is Missing Security?
| |
− | | |
− | SPEAKER: Peter Thermos, Michael McCobb
| |
− | | |
− | | |
− | --
| |
− | | |
− | | |
− | TOPIC: <b>TBD</b>
| |
− | | |
− | SPEAKER BIO: TBD
| |
− | | |
− | --
| |
− | | |
− | <center><b> Meetings are FREE and open to the PUBLIC - </b> </center>
| |
− | | |
− | <hr>
| |
− | | |
− | To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.
| |
− | | |
− | = NY/NJ OWASP Chapter Leaders =
| |
− | <ul>
| |
− | Officers
| |
− | *<b>President:</b> [mailto:jinxpuppy(at)gmail.com Tom Brennan]
| |
− | *<b>Vice President:</b> [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
| |
− | *<b>Secretary:</b> [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
| |
− | *<b>Treasurer:</b> [mailto:tom.ryan(at)providesecurity.com Tom Ryan]
| |
− | Board of Directors
| |
− | *<b>Board Member:</b> [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
| |
− | *<b>Board Member:</b> [mailto:pstern100(at)gmail.com Peter Stern]
| |
− | *<b>Board Member:</b> [mailto:KReiter(at)insidefsi.net Kevin Reiter]
| |
− | *<b>Board Member:</b> [mailto:BrianPei(at)yahoo.com Brian Peister]
| |
− | *<b>Board Member:</b> [mailto:dougshin(at)gmail.com Douglas Shin]
| |
− | Educational Advisors
| |
− | *<b>New Jersey Institute of Technology:</b> [mailto:oe2(at)njit.edu Osama Eljabiri]
| |
− | *<b>Polytechnic University:</b> [mailto:memon(at)poly.edu Nasir Memon]
| |
− | </ul>
| |
− | | |
− | | |
− | The chapter mailing address is:
| |
− | | |
− | NY/NJ Metro OWASP
| |
− | 759 Bloomfield Ave #172
| |
− | West Caldwell, New Jersey 07006 <br>
| |
− | 973-202-0122
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | <br>
| |
− | [http://www.proactiverisk.com ~]
| |