
Difference between revisions of "Los Angeles"

From OWASP
(Wednesday, September 16th, 2009 7:30PM)
m
 
(654 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Los Angeles|extra=The chapter leader is [mailto:[email protected] Cassio Goldschmidt]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles}}
+
= Welcome =
  
<paypal>LosAngeles</paypal>
+
<h2>Welcome to the OWASP Los Angeles Chapter!</h2>
  
== Local News ==
+
[https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]
 +
<br>
 +
The chapter leadership includes: [mailto:[email protected] Richard Greenberg] -- Chapter Leader and President,  [mailto:[email protected] Cassio Goldschmidt] -- Board Member, [mailto:[email protected] Cody Wood] -- Board Member,  [mailto:[email protected] Stuart Schwartz] -- Board Member, [mailto:[email protected] Tony Trummer] -- Board Member, [mailto:[email protected] Dave Wettenstein] -- Board Member, [mailto:[email protected] Edmond Momartin] -- Board Member
 +
<br>
 +
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]
 +
<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles We are on Meetup. Please join our community here]</h2>
 +
<br>
 +
 
 +
<h2>Become a Sponsor</h2>
 +
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission
 +
=== See all of our Chapter sponsors here: ===
 +
https://www.meetup.com/OWASP-Los-Angeles/sponsors/
 +
 
 +
''[[File:Button_red_sponsor.png|300px| left | link=https://www.eventbrite.com/e/owasp-los-angeles-chapter-meeting-sponsor-tickets-30572600471]]''
 +
 
 +
- Meet upwards of 80-120 potential new clients
 +
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
 +
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
 +
- Have a table at local chapter meeting with lots of time to meet and greet attendees
 +
- Promote your products and services
 +
- Bring a raffle prize to gather business cards and contact information
 +
The cost is only $1,200
 +
 
 +
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
 +
{{Chapter Template|chaptername=Los Angeles|extra=
 +
|mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-losangeles|emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/}}
  
<h2 style="margin:0; background:#cef2e0; font-size:120%; font-weight:bold; border:1px solid #a3bfb1; text-align:left; color:#000; padding:0.2em 0.4em;">Upcoming Chapter Meetings </h2>
+
= Meetings =
  
 +
== '''Upcoming OWASP Meetings'''  ==
 
<br>
 
<br>
    <b>Meeting Location</b>
+
https://www.meetup.com/OWASP-Los-Angeles/
    [http://maps.google.com/maps?q=900+Corporate+Pointe,+90230&ie=UTF8&oe=UTF-8&ll=33.988385,-118.387041&spn=0.010284,0.014055&t=h&z=16&iwloc=addr Symantec Corporation]
+
 
    900 Corporate Pointe
+
== Would you like to speak at an OWASP Los Angeles Meeting? ==
    Culver City, CA 90230
+
 
    Laguna Conference Room
+
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:[email protected] Cassio Goldschmidt] OR [mailto:[email protected] Stuart Schwartz]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.
 +
 
 +
== Join Us on Meetup! ==
 +
 
 +
http://www.meetup.com/OWASP-Los-Angeles/
 +
 
 +
== Become an OWASP Member TODAY ==
 +
 
 +
=== OWASP Individual Membership Info ===
 +
 
 +
https://www.owasp.org/index.php/Individual_Member
 +
 
 +
=== OWASP Corporate Membership Info ===
 +
 
 +
https://www.owasp.org/index.php/Corporate_Membership
 +
 
 +
== Meeting Archives  ==
 +
[[Los Angeles Presentation Archive |Presentation Archive]]
 +
 
 +
[[Los Angeles/2018 Meetings|2018 Meetings]]
 +
 
 +
[[Los Angeles/2017 Meetings|2017 Meetings]]
 +
 
 +
[[Los Angeles/2016 Meetings|2016 Meetings]]
 +
 
 +
[[Los Angeles/2015 Meetings|2015 Meetings]]
 +
 
 +
[[Los Angeles/2014 Meetings|2014 Meetings]]
 +
 
 +
[[Los Angeles/2013 Meetings|2013 Meetings]]
 +
 
 +
[[Los Angeles/2012 Meetings|2012 Meetings]]
 +
 
 +
[[Los Angeles/2011 Meetings|2011 Meetings]]
 +
 
 +
[[Los Angeles/2010 Meetings|2010 Meetings]]
 +
 
 +
[[Los Angeles/2009 Meetings|2009 Meetings]]
  
 +
[[Los Angeles/2008 Meetings|2008 Meetings]]<!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->
  
 +
= OWASP LA Conferences =
  
 +
https://2019.appseccalifornia.org/ Appsec California 2019 Jan 24-25, 2019 / Training Jan 22-23
  
 +
https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29
  
== Wednesday, September 16th, 2009 7:30PM ==
+
https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!
* <b>The Rise of Threat Analysis and the Fall of Compliance, Policies, and Standards in mitigating Web Application Security Risks</b>
 
<br>
 
On August 5th of 2009, Federal prosecutors on Monday charged Albert Gonzales with the largest case of credit and debit card data theft ever in the United States: 130 million credit cards numbers by hacking into the systems of Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers. Using a SQL-injection attack, the hackers installed malware on Hannaford Brothers. Hannaford was PCI compliant at the time they were compromise that lets question the validity of regulatory compliance frameworks, and specifically PCI standards as an effective method to reduce data breaches, identity theft, and the proliferation of credit card fraud. This presentation will further analyze how status quo security standards, such as PCI-DSS, as well as other policies, standards, and guidelines truly affect security risk mitigation efforts against cybercrime based threats.  These traditional efforts will be compared to threat modeling workflows in order to demonstrate how real risk is mitigated under each scenario.
 
<br><br>
 
Cases for financial fraud will be anonymously presented to create a business case for application threat modeling as a viable methodology to drive improved application design and security risk mitigation.  Threat modeling concepts will be elaborated in order to prove how application architecture walkthroughs via threat modeling improve the mitigation of cybercrime threats. Attacker motives and goals will be presented and incorporated into attack trees and it will show how attack libraries can be used to effectively identify application vulnerabilities and devise countermeasures in web application.
 
<br><br>
 
From the risk analysis perspective, several attacks will be considered and highlighted, particularly attacks that represent a systemic impact to an organization or government (such as for example a distributed denial of service).
 
<br><br>
 
Through the presentation of threat modeling scenarios, analyses and correlations will be drawn from the represented model(s) to attack patterns, associated and discovered security vulnerabilities, data sources, application topologies, and possible roles and permissions associated with the application environment. The purpose of the presentation is to demonstrate how application threat modeling can be used as part of a nouveau age form of security risk mitigation and overall application security.  Data flow diagrams and application walkthroughs will enable audience members to witness how application threat modeling is an evolved form of security process engineering for improved application design and overall application security.  The presentation will also demonstrate how threat modeling is capable of delivering critical business functions as well as in mitigating current and future cyber attacks, such as distributed denial of service, botnet driven-malware, spear phishing techniques, and more attacks that ultimately lead to identity and credit card fraud.
 
<br><br>
 
From the point of view of current and future cybercrime risk mitigation, several different strategies for application threat modeling will be discussed as related to securing both the web application web and critical financial infrastructures, such as ATMs. Finally some emphasis will be given to countermeasures that provide for incident response, intelligence and forensics capabilities.
 
<br><br>
 
Presentation outline, defining all topics that will be covered:
 
* Status quo of regulatory compliance in mitigating risk
 
* Threat modeling techniques for cybercrime threats
 
* Attack tree analysis for attack tree vectors
 
* Threat modeling for multi-channel fraud threat scenarios
 
* Cyber crime threats and application countermeasures via threat modeling
 
* Example of mitigation strategies for cybercrime and application of defense in depth for web applications
 
<br><br>
 
Any supporting research/tools:
 
* Threat models and attack trees
 
* Threat model are produced using the Microsoft™ threat modeling tool
 
* Public available cybercrime data will be presented and correlated
 
<br><br>
 
  
<B>Marco Morana</b> serves as one of the leaders of OWASP (Open Web Application Security Project) organization where he is actively involved in evangelize on web application security through presentations at local chapter meetings in USA as well as internationally. Marco has recently been awarded a contract from Wiley Publishing to co-author a book on Application Threat Modeling.
+
Web archive: http://2010.AppSecUSA.org
<br><br>
 
Besides being the OWASP Cincinnati chapter lead, Marco is also active contributor to OWASP projects such as the application threat modeling methodology for secure coding guideline and the security testing guide (ver. 2 and 3). Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the organization web application security standards, management of application security assessments during the SDLC, threat-fraud analysis and training of software developers, project managers and architects on different topics related to application security.
 
<br><br>
 
In the past, Marco served as senior security consultant and independent consultant where his responsibilities included providing software security services for several clients in the financial and banking, telecommunications and commercial sector industry. Besides security consulting, Marco had a career as technologist in the security industry where he contributed to the design business critical security products currently being used by several FORTUNE 500 companies as well by the US Government.
 
<br><br>
 
Marco work on software security is referred in the 2007 State Of the Art report by the Information Assurance Technology Analysis Center (IATAC). Marco received the NASA’s Space Act Award in 1999 for the patenting the S/MIME SEP (Secure Email Plug-in) application.
 
<br><br>
 
Marco research work on application and software security is widely published on several magazines such as In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com.  
 
<br><br>
 
  
 +
Videos: http://vimeo.com/user4863863/videos<br>
  
<b>Tony UcedaVelez</b> has more than 10 years of hands-on security and technology experience and is a vocal advocate of security process engineering – a terminology that describes the design and development of secure processes and controls working symbiotically to a unique business workflow.  Tony currenlty serves as Managing Director for an Atlanta based risk advisory firm that focuses on security strategy and delivering effective means for risk mitigation and security process engineering. He has worked and consulted for the Fortune 500, as well as federal agencies in the U.S on the topic of application security and security process engineering.  His diverse background in software development, security architecture, and network security, coupled with his expertise in process engineering and security risk management has allowed Tony to be a recognized leader in developing strategic security solutions that are multi-faceted in their approach to addressing enterprise risk. 
+
[[File:AppSec Cali 2019 Logo.jpg|362x362px]]
<br><br>
 
In the realm of application security, Tony is a threat modeling evangelist and has provided numerous talks domestically and globally on its many benefits and application.  He has served as a guest mentor to teams participating in Kennesaw State University’s annual Cybercrime capture the flag event as well as a Cybercrime speaker for Southern Polytechnic University in Atlanta.  He has also served as a guest speaker on the subject of application threat modeling during ISACA’s annual Geek Week event and has also served as a keynote speaker on the subject for ISACA’s Global Symposium web cast series.  Additional articles include articles related to CoBIT and the ValIT model (ISACA’s Journal), application threat modeling within the SDLC (InSecureMagazine), and security process engineering for a ROSI (return on security investment) (Journal of Finance).  He is currently finalizing a Wiley publishing book on Application Threat Modeling with Marco Morana. 
 
<br><br>
 
Prior to VerSprite, Tony served as Sr. Director of Security Risk Management to a Fortune 50 organization where he led security assessments against global application environments.  His work encompassed web application security testing, security architecture reviews, and analysis for business logic exploits.  He applied effective ways to introduce the subject of application risk to information owners by effectively mapping them to causal factors for business.  Previous to this role, he spent more than 5 years in the field of application security across other Fortune 500 organizations within the banking, telecom, and information service industry segments.
 
<br><br>
 
Tony currently leads the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community.  He also has developed a case study program for the Atlanta chapter in order to develop case studies with local Atlanta companies who are seeking to apply application threat modeling techniques within the SDLC and/ or incorporate the many OWASP produced tools and frameworks.  Tony can be reached at [email protected] or [email protected].
 
<br><br>
 
== Wednesday, November 18th, 2009 7:30PM ==
 
* <b>TBA</b>
 
<br>
 
PLease check this page later.
 
<br><br>
 
  
<B>Brian Chess</b> is a founder of Fortify Software and serves as Fortify's Chief Scientist, where his work focuses on practical methods for creating secure systems. His book, Secure Programming with Static Analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian holds a Ph.D. in computer engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service.
+
= Chapter Sponsors =
<br><br>
 
  
= Would you like to speak at an OWASP Los Angeles Meeting? =
 
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email to [mailto:[email protected] Cassio Goldschmidt].  When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template]
 
  
<br>
 
  
[https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations This page] provides a [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations list of previous presentations] conducted at the Los Angeles Chapter.
+
= Chapter Leaders =
<br>
 
  
<br>
+
*[mailto:[email protected] Richard Greenberg] -- Chapter Leader and President 
 +
*[mailto:[email protected] Cassio Goldschmidt] -- Board Member
 +
*[mailto:[email protected] Cody Wood] -- Board Member
 +
*[mailto:[email protected] Stuart Schwartz] -- Board Member
 +
*[mailto:[email protected] Tony Trummer] -- Board Member
 +
*[mailto:[email protected] Dave Wettenstein] -- Board Member
 +
*[mailto:[email protected] Edmond Momartin] -- Board Member 
  
=Los Angeles Chapter Leader=
+
OWASP Wiki: [mailto:president.la@owasp.org Chapter President] <br>
*[mailto:cassio@owasp.org Cassio Goldschmidt]
+
The Los Angeles chapter was founded by Cassio Goldschmidt.
  
 +
[[Category:OWASP Chapter]]
 +
[[Category:United States]]
 
[[Category:California]]
 
[[Category:California]]
 +
__NOTOC__ <headertabs></headertabs>
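
Review bot: the added template call sets `emailarchives=http://lists.owasp.org/pipermail/owasp-losangeles/` over plain http while `mailinglistsite` on the same line was moved to https, and the "Join Us on Meetup!" link is http although the Upcoming OWASP Meetings link to the same Meetup page is https. Suggest using https for both so readers are not sent through an unencrypted hop. The same template call also passes an empty `extra=`, which could simply be dropped.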

Latest revision as of 06:49, 14 January 2019

Welcome to the OWASP Los Angeles Chapter!

OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY
The chapter leadership includes: Richard Greenberg -- Chapter Leader and President, Cassio Goldschmidt -- Board Member, Cody Wood -- Board Member, Stuart Schwartz -- Board Member, Tony Trummer -- Board Member, Dave Wettenstein -- Board Member, Edmond Momartin -- Board Member

We are on Meetup. Please join our community here: http://www.meetup.com/OWASP-Los-Angeles


Become a Sponsor

Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission.

See all of our Chapter sponsors here:

https://www.meetup.com/OWASP-Los-Angeles/sponsors/

- Meet upwards of 80-120 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at a local chapter meeting with lots of time to meet and greet attendees
- Promote your products and services
- Bring a raffle prize to gather business cards and contact information

The cost is only $1,200

Contact us (see "Los Angeles Chapter") for general questions relating to sponsorship and donations.

OWASP Los Angeles

Welcome to the Los Angeles chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Upcoming OWASP Meetings


https://www.meetup.com/OWASP-Los-Angeles/

Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your BIO and talk abstract via email to Cassio Goldschmidt OR Stuart Schwartz. The talk must be vendor neutral and its content must be available under a Creative Commons 3.0 license.

Join Us on Meetup!

http://www.meetup.com/OWASP-Los-Angeles/

Become an OWASP Member TODAY

OWASP Individual Membership Info

https://www.owasp.org/index.php/Individual_Member

OWASP Corporate Membership Info

https://www.owasp.org/index.php/Corporate_Membership

Meeting Archives

Presentation Archive

2018 Meetings

2017 Meetings

2016 Meetings

2015 Meetings

2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

https://2019.appseccalifornia.org/ Appsec California 2019 Jan 24-25, 2019 / Training Jan 22-23

https://2018.appseccalifornia.org/ Appsec California 2018 Jan 30-31, 2018 / Training Jan 28-29

https://2017.appseccalifornia.org/ AppSec California 2017 held once again at the amazing Annenberg Community Beach House, right on the beach in Santa Monica, January 23-25, 2017, was a great success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos


OWASP Wiki: Chapter President
The Los Angeles chapter was founded by Cassio Goldschmidt.