This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Bay Area"

From OWASP
(added leaders)
 
(240 intermediate revisions by 18 users not shown)
Line 1: Line 1:
 +
 +
= Bay Area Chapter Board =
 +
Interested in finding out more? Will contact you with information on the first in person chapter board discussion in San Francisco
 +
 +
Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2
 +
 +
= Chapter Meetings =
 +
 +
Bay Area OWASP Chapter meetings are posted on our meetup!
 +
 +
Please visit http://www.meetup.com/Bay-Area-OWASP/ for all chapter event information.
 +
 +
== Our next  event ==
 +
We hold regular events across the OWASP Bay Area.
 +
 +
Check out our meetup page for upcoming events:
 +
[http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]
 +
 
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}
 
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}
 +
[[File:Highres 469396345.jpg|center|thumb|868x868px]]
 +
 +
[[File:OWASP Cali.jpg|center|thumb|825x825px]]
 +
 +
[[File:March 2018.jpg|thumb|848x848px]]
 +
 +
[[File:OWASP-Bay-Area-Aug-2014.png]]
 +
 +
Picture is @BenHagen talking about cloud security and applications
 +
 +
= About OWASP Bay Area Chapter=
 +
== Geographic Area of Bay Area Chapter ==
 +
 +
The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area.  Currently, the Bay Area OWASP Chapter covers this whole geographic region.
 +
 +
== Become a Presenter ==
 +
Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting
 +
 +
[https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]
 +
 +
=== Notes about OWASP presentations ===
 +
OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.
 +
 +
OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.
 +
 +
 +
== Chapter Meetings ==
 +
 +
[http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here
 +
 +
=== About Presentation Events ===
 +
Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.
 +
 +
=== About OWASP Social Hours===
 +
The purpose of the OWASP social gathering is:
 +
 +
* Informal security chat - the benefits of "hallway con" and security talk with others in the industry
 +
* Networking - meet other people in the field and industry
 +
* After work drinks - a nice break after a long work day
 +
 +
Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
 +
https://www.owasp.org/index.php/Bay_Area
 +
 +
Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]
 +
 +
 +
 +
==Past Events==
 +
 +
=== '''2018 Past Events''' ===
 +
 +
'''March 2018 - AppDynamics'''
 +
 +
• 6:30 - Doors open
 +
 +
• 7:00-7:30 - HUNT: Data Driven Web Hacking & Manual Testing (JP Villanueva)
 +
 +
• 7:35-8:05 - Detecting suspicious activity: Time-based analysis of DNS traffic (Barak Raz)
 +
 +
• 8:05-9:00 - Networking
 +
 +
'''March 2018 - Intuit'''
 +
 +
• 6:30 - Doors open
 +
 +
• 7:00-7:30 New Attacks Against Unencrypted Traffic (Travis Hassloch)
 +
 +
• 7:35-8:05 - "Offensive Defense" - The best defense is a good offense (Stephan Chenette)
 +
 +
• 8:05-9:00 - Networking
 +
 +
'''*Special Event* - February 2018 - HackerOne'''
 +
 +
Hacker Thursday - Mobile Application Security
 +
 +
'''*Special Event* - January 2018 - CircleCI'''
 +
 +
Hacker Thursday - Application Security Automation with OWASP ZAP 2.7.0
 +
 +
'''January 2018 - Smyte'''
 +
 +
• 6:30 - Doors open
 +
 +
• 6:45 - 6:55 News Bites (Lina)
 +
 +
• 7:00-7:30 - Simple is Better: Fighting Online Abuse with Rate Limiter
 +
 +
• 7:35-8:05 - Reporter -> P.I. -> Security Engineer - How Curiosity Led to an InfoSec Career (Tad Whitaker)
 +
 +
• 8:10-8:40 - XXE Vulnerabilities: From the Beginning Till Now (Ivan Novikov)
 +
 +
• 8:40-9:00 - Networking
 +
 +
=== '''2017 Past Events''' ===
 +
 +
'''*Special Event* - December 2017 - Shape Security'''
 +
 +
Hacker Thursday - Unorthodox Security Assessment: OSINT for Intelligent Attacks
 +
 +
Nutan Kumar Panda
 +
 +
'''December 2017 - Contrast Security'''
 +
 +
• 6:30 - Doors open
 +
 +
• 6:45-7:00 - Welcome
 +
 +
• 7:00-8:00 - Three Ways of Security (Jeff Williams)
 +
 +
• 8:00-9:00 - Networking and Giveaways!
 +
 +
'''November 2017 - Credit Karma'''
 +
 +
• 6:30 - Doors open
 +
 +
• 6:45-7:00 - News with Hardeep Singh
 +
 +
• 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)
 +
 +
• 7:35-8:05 - TLS for Microservices (Michael Cline)
 +
 +
• 8:05-9:00 - Networking
 +
 +
'''*Special Event* - November 2017 - Credit Karma'''
 +
 +
Hacker Thursdays: Learn secure coding with a live tournament
 +
 +
Stephen Allor
 +
 +
'''*Special Event* - October 2017 - ShieldX Networks'''
 +
 +
Hacker Thursdays:- Dissecting Injection vulnerabilities
 +
 +
Matt Torbin
 +
 +
'''September 2017 - Distil Networks'''
 +
 +
• 6:30 Doors Open
 +
 +
• 6:45 - 7:15 "The Great Bot Gift Card Heist" - Kevin Bottomley
 +
 +
• 7:20 - 7:50 "Scaling Application Security with DevSecOps" - Abhay Bhargav
 +
 +
• 7:55 - 8:25 "The Struts Vulnerability" - Prashant Venkatesh
 +
 +
• 8:25 - 9:00 Networking
 +
 +
• 9 Doors Close
 +
 +
'''September 2017 - Intuit'''
 +
 +
• 6:30 Doors Open
 +
 +
• 6:45 - 7:15 "Making Vulnerability Management Less Painful with OWASP DefectDojo" - Greg Anderson
 +
 +
• 7:20 - 7:50 "Crikey! Pirates Be Lurkin' at the Single Sign-On Watering Hole" - Mike Hunter
 +
 +
• 7:55 - 8:25 "There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge" - Kevin Glisson
 +
 +
• 8:25 - 9:00 Networking
 +
 +
• 9 Doors Close
 +
 +
'''September 2017 - Lending Club'''
 +
 +
• 6:30 Doors Open
 +
 +
• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler
 +
 +
• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong
 +
 +
• 8:10 - 9 Networking
 +
 +
• 9 Doors Close
 +
 +
'''*Special Event* - September 2017 - Lending Club'''
 +
 +
Web Application Penetration Basics
  
=Next Event=
+
Ty Sbano
==Date and Location==
 
  '''June 25th @ 2PM - Microsoft'''
 
  1065 La Avenida St.
 
  Mountain View, CA 94043
 
  Conference Room - Galileo
 
  
OWASP Bay Area will host its '''half day Application Security Summit''' at the Microsoft Facility in Mountain View on Wednesday, June 25th. As usual attendance is free and food and beverages will be provided. '''We have some excellent speakers lined up for this and it should be an event not to be missed.''' The event is open to the public. Please forward this invite to your colleagues and friends who are interested in computer and application security.
+
'''June 2017 - Lending Club'''
  
Special thanks to Microsoft for hosting this event and to Cenzic and AppSec Consulting, Rapid7, and Imperva for sponsoring.
+
• 6:30 Doors Open
  
==Agenda==
+
• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler
  1.30 PM - 2.00 PM ... Check-in and registration
 
  2:00 PM - 2:10 PM ... Overview of the OWASP Bay Area Chapter - Mandeep Khera, Bay Area Chapter Leader
 
  2:10 PM - 2:55 PM ... Consumerization of enterprises: a security conundrum – Dr. Chenxi Wang, Principal Analyst, Forrester Group
 
  2:55 PM - 3:40 PM ... Cross-Site Request Forgery- New Attacks and Defenses - Collin Jackson, PH.D. student, Stanford University
 
  3:40 PM - 4:00 PM ... Networking Break
 
  4:00 PM - 4.45 PM ... Google Gadget Security - Tom Stracener, Cenzic
 
  4:45 PM - 5:30 PM ... How Cybercriminals Steal Money - Neil Daswani, Google
 
  
==Speakers==
+
• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong
'''Consumerization of enterprises: a security conundrum''' by Dr. Chenxi Wang, Principal Analyst, Forrester Group
 
  
Dr. Chenxi Wang is a principal analyst with Forrester. She leads Forrester's research in areas including content security, application security, threats and vulnerability management, and software security. Chenxi brings to Forrester years of sophisticated research experience; her previous experience includes a five-year stint as an associate research professor at Carnegie Mellon University, where she published many research papers on network security and distributed systems.
+
• 8:10 - 9 Networking
  
Previously, Chenxi served as the chief scientist for KSR, a managed security service startup in the San Francisco bay area. Chenxi also serves as an investigative forensics expert for the Federal Trade Commission. She is the recipient of a Critical Infrastructure Protection Fellowship from the Army Research Office and the Samuel Alexander Fellowship of ACM for outstanding Ph.D. thesis research.
+
• 9 Doors Close
  
'''Cross-Site Request Forgery- New Attacks and Defenses''' by Collin Jackson, PH.D. Student, Stanford University
+
'''May 2017 - Netflix (videos on youtube)'''
  
Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability, but none of the three major CSRF defenses are satisfactory and many web sites neglect to prevent login CSRF. In a login CSRF attack, an attacker uses the victim's browser to forge a cross-site request to the honest site's login URL, supplying the attacker's user name and password. This forged request can disrupt the integrity of the session and enable theft of confidential information.
+
• 6:30 Doors Open
  
Although the HTTP Referer header could be used as an effective general CSRF defense, our experiments indicate that the header is widely blocked at the network layer due to privacy concerns. Our experimental data shows, however, that the header can be used today as a reliable CSRF defense over HTTPS, which is ideal for login CSRF prevention. For the long term, we propose the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns. Additionally, we show that a network attacker can often disrupt session integrity even when the site deploys CSRF defenses, and propose additional defenses against these identity-misbinding attacks.
+
• 6:45 - 7:15 "All you email are belong to us: exploiting vulnerable email clients via domain name collision" - Ilya Nesterov and Maxim Goncharov
  
Collin Jackson is a fourth-year Ph.D. student in Computer Science at Stanford University. His research focuses on browser vulnerabilities, web authentication, mashups, and web application security.
+
• 7:20 - 7:40 "Attacking & Defending DevOps" - Patrick Thomas
  
'''Google Gadget Security''' by Tom Stracener,  Sr. Security Analyst, Cenzic
+
• 7:45 - 8:05 "LISA - Location Independent Security Approach" - Bryan Zimmer
  
Google Gadgets are HTML and Javascript applications that can be embedded in other web applications or the user's desktop (provided they are using Google Desktop). Gadget code is highly portable and can run on multiple sites or applications with few changes to the underlying code. This talk will focus on gadget security, an area where the current implementation is deeply flawed. We will examine Rsnake's XSS vulnerability in Google gadgets, consider possible attack scenarios, and also look at the reasons why Google chose not to fix this vulnerability. We take a critical look on they ways attackers can exploit the current Gadget implementation when performing attacks. This talk will provide the audience with background information for the upcoming Blackhat 2008 session "Xploiting Google Gadgets: Gmalware and Beyond" by Robert Hansen and Tom Stracener.
+
• 8:05 - 9 Networking and Netflix OSS expo
  
Tom is the Senior Security Analyst for Cenzic’s CIA Labs. Mr. Stracener was one of the founding members of nCircle Network Security. While at nCircle he served as the head of vulnerability research from 1999 to 2001, developing one of the industry’s first quantitative vulnerability scoring systems, and co-inventing several patented technologies. Mr. Stracener is an experienced security consultant, penetration tester, and vulnerability researcher. One of his patents, “Interoperability of vulnerability and intrusion detection systems,” was granted by the USPTO in October 2005. Tom has spoken at various conferences including New York Security Conference, ISSA, OWASP, Defcon, and others.
+
• 9 Doors Close
  
'''How Cybercriminals Steal Money''' by Neil Daswani, Google
+
'''April 2017 - Pandora (videos on youtube)'''
  
This talk discusses how we can prevent cybercrime due to the most significant emerging application security vulnerabilities.  Such vulnerabilities are used to commit various types of wide-scale fraud, and attacks based on them steal money right out of people's bank accounts, capture tens of millions of credit card numbers, and aid in the construction of next-generation botnets.
+
• 6:30 Doors Open
  
In the talk, I will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security.  This talk will then:
+
• 6:45 - 7:30 "Effective AppSec Metrics" - Caroline Wong
  
* review how attacks such as XSRF (Cross-Site-Request-Forgery), XSSI (Cross-Site-Script-Inclusion), and SQL Injection work,
+
• 7:35 - 8:20 "IoT Exploitation 101" - Aditya Gupta
* discuss their impact on Web 2.0, AJAX, mashup, and social networking applications,
 
* outline how to defend against them, and
 
* describe how to modify a software development process to achieve security.
 
  
Finally, the talk will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more.
+
• 8:25 - 9:00 Networking
  
Neil Daswani has served in a variety of research , development, teaching, and managerial roles at Google, Stanford University , DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil co-founded the Stanford Center Professional Development (SCPD) Security Certification Program (http://proed.stanford.edu/?security).  His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.  Neil is also the lead author of "Foundations of Security: What Every Programmer Needs To Know" (published by Apress; ISBN 1590597842; http://tinyurl.com/33xs6g ) More information about Neil is available at http://www.neildaswani.com/
+
• 9:00 Doors Close
  
==RSVP==
+
'''March 2017 (2) - Ebay'''
'''REGISTER EARLY AS SEATING IS LIMITED'''
 
  
Please RSVP at http://owaspbajune2008.eventbrite.com
+
• 6:30 Doors Open
  
=Bay Area Chapter Leaders=
+
• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick
*[mailto:[email protected] Brian Bertacini]
 
*[http://ggee.org Garrett Gee]
 
*[mailto:[email protected] Mandeep Khera]
 
*[mailto:[email protected] Robi Papp]
 
  
=Bay Area Past Events=
+
• 7:20 - 7:50 "Hacking Mainframes" - Philip Young
 +
 
 +
• 7:55 - 8:25 "Hacking Smart Door Locks with Bluetooth Relay Attacks" - Mike Ryan
 +
 
 +
• 8:25 - 9 Networking
 +
 
 +
• 9 Doors Close
 +
 
 +
'''March 2017 - NetSpi'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick
 +
 
 +
• 7:20 - 7:50 "SQL Server Security" - Scott Sutherland
 +
 
 +
• 7:50 - 9 Networking
 +
 
 +
• 9 Doors Close
 +
 
 +
'''January 2017 (2) - Synack'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:30 Talk 1
 +
 
 +
Robert Wood - Bringing Red Teaming to the Board Room
 +
 
 +
• 7:45 - 8:30 Panel Discussions
 +
 
 +
• 8:30+ Networking
 +
 
 +
• 9 Doors Close
 +
 
 +
'''January 2017 - Bleacher Report'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:30 Talk 1
 +
 
 +
Robert Wood - Bringing Red Teaming to the Board Room
 +
 
 +
• 7:45 - 8:30 Talk 2
 +
 
 +
Rob Witoff - Security Automation With Immutable Infrastructure
 +
 
 +
• 8:30+ Networking
 +
 
 +
• 9 Doors Close
 +
 
 +
=== '''2016 Past Events''' ===
 +
'''November (2) 2016 - Linkedin'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:30 Talk 1 (Rohit Pitke, Mukul Khullar - A walkthrough on AWS Security Pitfalls)
 +
 
 +
• 7:45 - 8:30 Talk 2 (Scott Behrens - Cleaning Your Applications' Dirty Laundry With Scumblr )
 +
 
 +
• 8:30+ Networking
 +
 
 +
'''November 2016 - Salesforce'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:30 Talk 1 -Will Bengston and Travis McPeak - Jumpstart a Bandit Program in Your Organization
 +
 
 +
• 7:45 - 8:30 Talk 2 - Kuba Sendor (@jsendor), Yelp - "Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"
 +
 
 +
'''September 2016 - Twitter'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45 - 7:30 Talk 1 - Ron Hamilton, Performance Technology Partners (PTP)
 +
 
 +
• 7:45 - 8:30 Talk 2 - Luca Carettoni, LinkedIn Defending against Java Deserialization Vulnerabilities
 +
 
 +
'''June 2016 - Visa'''
 +
 
 +
6:30 - Doors Open
 +
 
 +
6:45 - Talk 1 - Secure by Default Stack: Web Application Security Infrastructure - Pritam Mungse, Visa
 +
 
 +
7:30 - Break
 +
 
 +
7:40 - Talk 2 - Research on HTTPS error storage policies, Adrienne Porter Felt, Google
 +
 
 +
8:30 - Networking
 +
 
 +
'''May 2016 - Thoughtworks'''
 +
 
 +
• 6:30 Doors Open
 +
 
 +
• 6:45-7:45 Chris Steipp,  Security Team - Wikimedia (How the Wikimedia Foundation promotes security in the open-source projects)
 +
 
 +
• 7:50 - 8:20 Michael Coates, TISO at Twitter & Kyle Randolph, Principal Security Engineer at Optimizely - Strategies for growing your AppSec team & influence
 +
 
 +
• 8:20+ Networking
 +
 
 +
'''April 2016 - Lending Club'''
 +
 
 +
6:30- Doors Open
 +
 
 +
6:40 - 7:15 - Joe Rozner, Richard Meester,  Prevoty - Sinking Your Hooks in Applications (from AppSecUSA 2015)
 +
 
 +
7:20 - 7:55 - Martin Vigo, Salesforce - Attacks on LastPass (from BlackHat 2015)
 +
 
 +
8:00 - 8:25 - Russell Sherman and Jonathan Carter, Lending Club –Adventures in Running Your Own CTF
 +
 
 +
'''February 2016 - RiskIQ'''
 +
 
 +
=== 2015 Past Events ===
 +
OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!
 +
 
 +
Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
 +
=== 2014 Past Events ===
 +
* December 2014 - San Francisco @ Mozilla
 +
** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]<br>
 +
** Jasvir Nagra, Google - Firing Bots at Bugs
 +
** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
 +
* August 2014 - San Francisco @ Lookout
 +
** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]<br>
 +
** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
 +
** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
 +
*May 2014 - Redwood City @ Evernote
 +
** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]<br>
 +
** Arshad Noor - CTO, StrongAuth
 +
** Rich Tener - Director of Security, Evernote
 +
* March 2014 - San Francisco @ Stripe
 +
** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
 +
** Hosted by [https://stripe.com/ Stripe]<br>
 +
* Feb 2014 - San Jose @ Jillians
 +
** OWASP Developer Training & Social Hour - Monday 2/24/2013
 +
** Hosted by OWASP at Jillian's Billiards Club
 +
*Feb 2014 - Special Free Training Event
 +
** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities. 
 +
** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes. 
 +
*Jan 2014 - San Jose @ F5
 +
** OWASP Social Hour in San Jose - Wednesday 1/22/2013
 +
** Hosted by [http://www.f5.com/ F5]
 +
==== 2013 Past Events ====
 +
*Dec 2013 - San Francisco @ Twilio
 +
** OWASP Social Hour in San Francisco - Thursday 12/19/2013
 +
** Hosted by [http://www.twilio.com/ Twilio]
 +
*Nov 2013 - San Francisco @ LendingClub
 +
** OWASP Social Hour in Mountain View - Wednesday 11/6/13
 +
** Hosted by [https://www.lendingclub.com/ LendingClub]
 +
* Sept 2013 - Mt View @ Shape Security
 +
** OWASP Social Hour in Mountain View -  Wednesday 9/25/13
 +
** Hosted by [http://www.shapesecurity.com/ Shape Security]
 +
*July 2013 - Berkeley @ University of Berkely
 +
** OWASP Presentation Meeting
 +
** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
 +
** "Putting Your Robots to Work", Twitter Security Team
 +
 
 +
==== Older Events ====
 
[[Bay Area Past Events]]
 
[[Bay Area Past Events]]
 +
 +
== Bay Area Chapter Leaders ==
 +
 +
*Travis McPeak - Chapter Leader
 +
* William Bengtson
 +
* Brendan Higgins
 +
* Aaron Sutter
 +
* Christian DeHoyos
 +
* Prashant Venkatesh
 +
* Leif Dreizler
 +
* Tad Whitaker
 +
* Astha Singhal
 +
* Michael Coates
 +
 +
= Stay In Touch =
 +
* All events will be listed on this webpage
 +
* Keep in touch via twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 Linkedin]
 +
* [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]
 +
 +
[[Category:OWASP Chapter]]
 +
[[Category:United States]]
 +
[[Category:California]]
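Review bot: several agendas in the past-events list look copied between entries rather than recorded: the June 2017 Lending Club entry repeats the September 2017 Lending Club programme verbatim ("6:45 - 7:25 Introducing the OWASP Game Security Framework - Daniel Miessler" and "7:30 - 8:10 Motherhood, Mental Health, and a Career in CyberSecurity - Caroline Wong"), "Cracking Financial Systems" by John Menerick is the 6:45 talk under both "March 2017 (2) - Ebay" and "March 2017 - NetSpi", and "Robert Wood - Bringing Red Teaming to the Board Room" is Talk 1 under both "January 2017 (2) - Synack" and "January 2017 - Bleacher Report"; each should be checked against the meetup record before this revision is kept. The 2014/2013 social-hour entries also carry mismatched dates and places: "Feb 2014 - San Jose @ Jillians" is dated "Monday 2/24/2013", "Jan 2014 - San Jose @ F5" is dated "Wednesday 1/22/2013", and "Nov 2013 - San Francisco @ LendingClub" describes an "OWASP Social Hour in Mountain View"; "University of Berkely" should read "Berkeley". Finally, the "Our next event" section links a single meetup event (226890416) that will go stale, whereas the "Chapter Meetings" section already links the full events listing; pointing both at the listing avoids a dead link.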

Latest revision as of 18:23, 14 January 2019

Bay Area Chapter Board

Interested in finding out more? We will contact you with information on the first in-person chapter board discussion in San Francisco.

Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2

Chapter Meetings

Bay Area OWASP Chapter meetings are posted on our meetup!

Please visit http://www.meetup.com/Bay-Area-OWASP/ for all chapter event information.

Our next event

We hold regular events across the OWASP Bay Area.

Check out our meetup page for upcoming events: More info on meetup.com


OWASP Bay Area

Welcome to the Bay Area chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

(Photos from chapter meetings; the August 2014 picture shows @BenHagen talking about cloud security and applications.)

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The 'Bay Area' is the San Francisco Bay Area in California. It includes the large cities across the bay from San Francisco, such as Berkeley and Oakland, and, south of San Francisco, San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

Become a Presenter

Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

Link to submit

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.


Chapter Meetings

OWASP Bay Area Meetup - All events can be found here

About Presentation Events

Presentation events feature one or more speakers discussing application security. These events include a networking session, with drinks and food, before and after the talks.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

  • Informal security chat - the benefits of "hallway con" and security talk with others in the industry
  • Networking - meet other people in the field and industry
  • After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events. https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]


Past Events

2018 Past Events

March 2018 - AppDynamics

• 6:30 - Doors open

• 7:00-7:30 - HUNT: Data Driven Web Hacking & Manual Testing (JP Villanueva)

• 7:35-8:05 - Detecting suspicious activity: Time-based analysis of DNS traffic (Barak Raz)

• 8:05-9:00 - Networking

March 2018 - Intuit

• 6:30 - Doors open

• 7:00-7:30 New Attacks Against Unencrypted Traffic (Travis Hassloch)

• 7:35-8:05 - "Offensive Defense" - The best defense is a good offense (Stephan Chenette)

• 8:05-9:00 - Networking

*Special Event* - February 2018 - HackerOne

Hacker Thursday - Mobile Application Security

*Special Event* - January 2018 - CircleCI

Hacker Thursday - Application Security Automation with OWASP ZAP 2.7.0

January 2018 - Smyte

• 6:30 - Doors open

• 6:45 - 6:55 News Bites (Lina)

• 7:00-7:30 - Simple is Better: Fighting Online Abuse with Rate Limiter

• 7:35-8:05 - Reporter -> P.I. -> Security Engineer - How Curiosity Led to an InfoSec Career (Tad Whitaker)

• 8:10-8:40 - XXE Vulnerabilities: From the Beginning Till Now (Ivan Novikov)

• 8:40-9:00 - Networking

2017 Past Events

*Special Event* - December 2017 - Shape Security

Hacker Thursday - Unorthodox Security Assessment: OSINT for Intelligent Attacks

Nutan Kumar Panda

December 2017 - Contrast Security

• 6:30 - Doors open

• 6:45-7:00 - Welcome

• 7:00-8:00 - Three Ways of Security (Jeff Williams)

• 8:00-9:00 - Networking and Giveaways!

November 2017 - Credit Karma

• 6:30 - Doors open

• 6:45-7:00 - News with Hardeep Singh

• 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)

• 7:35-8:05 - TLS for Microservices (Michael Cline)

• 8:05-9:00 - Networking

*Special Event* - November 2017 - Credit Karma

Hacker Thursdays: Learn secure coding with a live tournament

Stephen Allor

*Special Event* - October 2017 - ShieldX Networks

Hacker Thursdays - Dissecting Injection Vulnerabilities

Matt Torbin

September 2017 - Distil Networks

• 6:30 Doors Open

• 6:45 - 7:15 "The Great Bot Gift Card Heist" - Kevin Bottomley

• 7:20 - 7:50 "Scaling Application Security with DevSecOps" - Abhay Bhargav

• 7:55 - 8:25 "The Struts Vulnerability" - Prashant Venkatesh

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Intuit

• 6:30 Doors Open

• 6:45 - 7:15 "Making Vulnerability Management Less Painful with OWASP DefectDojo" - Greg Anderson

• 7:20 - 7:50 "Crikey! Pirates Be Lurkin' at the Single Sign-On Watering Hole" - Mike Hunter

• 7:55 - 8:25 "There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge" - Kevin Glisson

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler

• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

*Special Event* - September 2017 - Lending Club

Web Application Penetration Basics

Ty Sbano

June 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler

• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

May 2017 - Netflix (videos on youtube)

• 6:30 Doors Open

• 6:45 - 7:15 "All you email are belong to us: exploiting vulnerable email clients via domain name collision" - Ilya Nesterov and Maxim Goncharov

• 7:20 - 7:40 "Attacking & Defending DevOps" - Patrick Thomas

• 7:45 - 8:05 "LISA - Location Independent Security Approach" - Bryan Zimmer

• 8:05 - 9 Networking and Netflix OSS expo

• 9 Doors Close

April 2017 - Pandora (videos on youtube)

• 6:30 Doors Open

• 6:45 - 7:30 "Effective AppSec Metrics" - Caroline Wong

• 7:35 - 8:20 "IoT Exploitation 101" - Aditya Gupta

• 8:25 - 9:00 Networking

• 9:00 Doors Close

March 2017 (2) - Ebay

• 6:30 Doors Open

• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick

• 7:20 - 7:50 "Hacking Mainframes" - Philip Young

• 7:55 - 8:25 "Hacking Smart Door Locks with Bluetooth Relay Attacks" - Mike Ryan

• 8:25 - 9 Networking

• 9 Doors Close

March 2017 - NetSpi

• 6:30 Doors Open

• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick

• 7:20 - 7:50 "SQL Server Security" - Scott Sutherland

• 7:50 - 9 Networking

• 9 Doors Close

January 2017 (2) - Synack

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Panel Discussions

• 8:30+ Networking

• 9 Doors Close

January 2017 - Bleacher Report

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Talk 2

Rob Witoff - Security Automation With Immutable Infrastructure

• 8:30+ Networking

• 9 Doors Close

2016 Past Events

November (2) 2016 - Linkedin

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 (Rohit Pitke, Mukul Khullar - A walkthrough on AWS Security Pitfalls)

• 7:45 - 8:30 Talk 2 (Scott Behrens - Cleaning Your Applications' Dirty Laundry With Scumblr)

• 8:30+ Networking

November 2016 - Salesforce

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 - Will Bengtson and Travis McPeak - Jumpstart a Bandit Program in Your Organization

• 7:45 - 8:30 Talk 2 - Kuba Sendor (@jsendor), Yelp - "Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"

September 2016 - Twitter

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 - Ron Hamilton, Performance Technology Partners (PTP)

• 7:45 - 8:30 Talk 2 - Luca Carettoni, LinkedIn - Defending against Java Deserialization Vulnerabilities

June 2016 - Visa

• 6:30 Doors Open

• 6:45 Talk 1 - Secure by Default Stack: Web Application Security Infrastructure - Pritam Mungse, Visa

• 7:30 Break

• 7:40 Talk 2 - Research on HTTPS error storage policies - Adrienne Porter Felt, Google

• 8:30 Networking

May 2016 - Thoughtworks

• 6:30 Doors Open

• 6:45 - 7:45 Chris Steipp, Security Team - Wikimedia (How the Wikimedia Foundation promotes security in the open-source projects)

• 7:50 - 8:20 Michael Coates, TISO at Twitter & Kyle Randolph, Principal Security Engineer at Optimizely - Strategies for growing your AppSec team & influence

• 8:20+ Networking

April 2016 - Lending Club

• 6:30 Doors Open

• 6:40 - 7:15 Joe Rozner, Richard Meester, Prevoty - Sinking Your Hooks in Applications (from AppSecUSA 2015)

• 7:20 - 7:55 Martin Vigo, Salesforce - Attacks on LastPass (from BlackHat 2015)

• 8:00 - 8:25 Russell Sherman and Jonathan Carter, Lending Club - Adventures in Running Your Own CTF

February 2016 - RiskIQ

2015 Past Events

OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the meetup page

2014 Past Events

  • December 2014 - San Francisco @ Mozilla
    • OWASP Chapter Meeting in San Francisco hosted by Mozilla
    • Jasvir Nagra, Google - Firing Bots at Bugs
    • Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
  • August 2014 - San Francisco @ Lookout
    • OWASP Chapter Meeting in San Francisco hosted by Lookout
    • Paul McMillan from Nebula @PaulM - Attacking the Internet of Things using Time
    • Ben Hagen from Netflix @BenHagen - Cloud Security at Scale and What it Means for Your Application
  • May 2014 - Redwood City @ Evernote
    • OWASP Chapter Meeting in Redwood City hosted by Evernote
    • Arshad Noor - CTO, StrongAuth
    • Rich Tener - Director of Security, Evernote
  • March 2014 - San Francisco @ Stripe
    • OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
    • Hosted by Stripe
  • Feb 2014 - San Jose @ Jillian's
    • OWASP Developer Training & Social Hour - Monday 2/24/2013
    • Hosted by OWASP at Jillian's Billiards Club
  • Feb 2014 - Special Free Training Event
    • OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
    • Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
  • Jan 2014 - San Jose @ F5
    • OWASP Social Hour in San Jose - Wednesday 1/22/2013
    • Hosted by F5

2013 Past Events

  • Dec 2013 - San Francisco @ Twilio
    • OWASP Social Hour in San Francisco - Thursday 12/19/2013
    • Hosted by Twilio
  • Nov 2013 - San Francisco @ LendingClub
    • OWASP Social Hour in Mountain View - Wednesday 11/6/13
    • Hosted by LendingClub
  • Sept 2013 - Mt View @ Shape Security
    • OWASP Social Hour in Mountain View - Wednesday 9/25/13
    • Hosted by Shape Security
  • July 2013 - Berkeley @ University of Berkeley
    • OWASP Presentation Meeting
    • An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
    • "Putting Your Robots to Work", Twitter Security Team

Older Events

Bay Area Past Events

Bay Area Chapter Leaders

  • Travis McPeak - Chapter Leader
  • William Bengtson
  • Brendan Higgins
  • Aaron Sutter
  • Christian DeHoyos
  • Prashant Venkatesh
  • Leif Dreizler
  • Tad Whitaker
  • Astha Singhal
  • Michael Coates

Stay In Touch