This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Bay Area"

From OWASP
Older revision: (Date and Location)
Newer revision: (added leaders)
(191 intermediate revisions by 13 users not shown)
+ = Bay Area Chapter Board =
+ Interested in finding out more? We will contact you with information on the first in-person chapter board discussion in San Francisco.
+ Submit your info here: https://goo.gl/forms/ScPCPrlDiQaUZ6cs2
+ = Chapter Meetings =
+ Bay Area OWASP Chapter meetings are posted on our meetup!
+ Please visit http://www.meetup.com/Bay-Area-OWASP/ for all chapter event information.
+ == Our next event ==
+ We hold regular events across the OWASP Bay Area.
+ Check out our meetup page for upcoming events:
+ [http://www.meetup.com/Bay-Area-OWASP/events/226890416/? More info on meetup.com]
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}
+ [[File:Highres 469396345.jpg|center|thumb|868x868px]]
+ [[File:OWASP Cali.jpg|center|thumb|825x825px]]
+ [[File:March 2018.jpg|thumb|848x848px]]
  
- ==== Local News ====
- <paypal>Bay Area</paypal>
- ==== Chapter Meetings ====
- == Date and Location ==
- OWASP Bay Area will host its next Application Security Summit at the Fujitsu Offices in Sunnyvale on February 25th. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security. We have an excellent line-up of speakers.
+ [[File:OWASP-Bay-Area-Aug-2014.png]]
+ Picture is @BenHagen talking about cloud security and applications
- Please note that due to security issues, you must pre-register. The registration will ask you for citizenship/permanent residence status as well. Badges will be ready for the registered attendees at the lobby where you will check in.
- WHAT: OWASP Bay Area Chapter - Application Security Summit
- WHEN: Thursday, February 25th, 2010 - From 1:00 PM to 8:00 PM (including a reception from 6:30 to 8:00)
- WHERE: Fujitsu Offices, Sunnyvale - See below for directions
- Agenda:
- 1:00 PM - 1:15 PM ... Check-in, registration, networking
+ = About OWASP Bay Area Chapter =
+ == Geographic Area of Bay Area Chapter ==
+ The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.
+ == Become a Presenter ==
+ Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting
+ [https://docs.google.com/a/owasp.org/forms/d/1ImmfY5KtSILjIym1uToOzSmT2Xv58bVzfxUPDAAn9-c/viewform Link to submit]
+ === Notes about OWASP presentations ===
+ OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.
+ OWASP chapter presentations must not be sales pitches and must adhere to a vendor-neutral approach to the topic.
+ == Chapter Meetings ==
- 1:15 PM - 1:30 PM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera, Bay Area Chapter Leader
- 1:30 PM - 2:15 PM ... Keynote - Vishal Sikka, CTO, SAP
- 2:15 PM - 3:00 PM ... WebBlaze: New Techniques and Tools for Web Security - Dawn Song, Associate Professor, UC Berkeley
- 3:00 PM - 3:30 PM ... Networking Break, refreshments
- 3:30 PM - 4:00 PM ... State of the Art: Automated Black-Box Web App Testing - Prof. John Mitchell, Stanford University, and Jason Bau, Ph.D. Student, Stanford
- 4:00 PM - 4:30 PM ... Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control - Richard Chow, PARC
- 4:30 PM - 5:00 PM ... TBD - Praveen Murthy, Fujitsu
- 5:00 PM - 6:00 PM ... Panel - App Security Issues - Cloud Security, Inertia with App Security, Future of App Security - Q&A from the audience
- 6:30 PM - 8:00 PM ... Networking Reception - Dinner and Drinks!
- Venue and Directions:
- Fujitsu Sunnyvale Campus (Building H)
- 1250 E. Arques Avenue
- Sunnyvale, CA 94085
- Fujitsu Policy: Please note that you will be asked to sign and write down your country of citizenship in order to comply with US Customs regulations and C-TPAT (Customs-Trade Partnership Against Terrorism) certification. As part of the compliance, we regrettably are not able to allow attendance to those who hold the citizenship of Cuba, Iran, North Korea, Sudan, or Syria without a US Green Card. We sincerely apologize for any inconvenience this may cause.
+ [http://www.meetup.com/Bay-Area-OWASP/ OWASP Bay Area Meetup] - All events can be found here
+ === About Presentation Events ===
+ Presentation events will feature one or more speakers discussing application security. These events include a networking session, with drinks and food, before and after the talks.
+ === About OWASP Social Hours ===
+ The purpose of the OWASP social gathering is:
+ * Informal security chat - the benefits of "hallway con" and security talk with others in the industry
+ * Networking - meet other people in the field and industry
+ * After-work drinks - a nice break after a long work day
+ Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
+ https://www.owasp.org/index.php/Bay_Area
+ Is your organization interested in hosting an OWASP social hour in the Bay Area (San Francisco, South Bay, East Bay)? Contact [email protected]
+ == Past Events ==
+ === '''2018 Past Events''' ===
+ '''March 2018 - AppDynamics'''
+ • 6:30 - Doors open
+ • 7:00-7:30 - HUNT: Data Driven Web Hacking & Manual Testing (JP Villanueva)
+ • 7:35-8:05 - Detecting suspicious activity: Time-based analysis of DNS traffic (Barak Raz)
+ • 8:05-9:00 - Networking
+ '''March 2018 - Intuit'''
+ • 6:30 - Doors open
+ • 7:00-7:30 - New Attacks Against Unencrypted Traffic (Travis Hassloch)
+ • 7:35-8:05 - "Offensive Defense" - The best defense is a good offense (Stephan Chenette)
+ • 8:05-9:00 - Networking
+ '''*Special Event* - February 2018 - HackerOne'''
+ Hacker Thursday - Mobile Application Security
+ '''*Special Event* - January 2018 - CircleCI'''
+ Hacker Thursday - Application Security Automation with OWASP ZAP 2.7.0
+ '''January 2018 - Smyte'''
+ • 6:30 - Doors open
+ • 6:45-6:55 - News Bites (Lina)
+ • 7:00-7:30 - Simple is Better: Fighting Online Abuse with Rate Limiter
+ • 7:35-8:05 - Reporter -> P.I. -> Security Engineer - How Curiosity Led to an InfoSec Career (Tad Whitaker)
+ • 8:10-8:40 - XXE Vulnerabilities: From the Beginning Till Now (Ivan Novikov)
+ • 8:40-9:00 - Networking
+ === '''2017 Past Events''' ===
+ '''*Special Event* - December 2017 - Shape Security'''
+ Hacker Thursday - Unorthodox Security Assessment: OSINT for Intelligent Attacks (Nutan Kumar Panda)
+ '''December 2017 - Contrast Security'''
+ • 6:30 - Doors open
+ • 6:45-7:00 - Welcome
+ • 7:00-8:00 - Three Ways of Security (Jeff Williams)
+ • 8:00-9:00 - Networking and Giveaways!
+ '''November 2017 - Credit Karma'''
+ • 6:30 - Doors open
+ • 6:45-7:00 - News with Hardeep Singh
+ • 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)
+ • 7:35-8:05 - TLS for Microservices (Michael Cline)
+ • 8:05-9:00 - Networking
+ '''*Special Event* - November 2017 - Credit Karma'''
+ Hacker Thursdays: Learn secure coding with a live tournament (Stephen Allor)
+ '''*Special Event* - October 2017 - ShieldX Networks'''
+ Hacker Thursdays: Dissecting Injection Vulnerabilities (Matt Torbin)
+ '''September 2017 - Distil Networks'''
+ • 6:30 - Doors open
+ • 6:45-7:15 - "The Great Bot Gift Card Heist" - Kevin Bottomley
+ • 7:20-7:50 - "Scaling Application Security with DevSecOps" - Abhay Bhargav
+ • 7:55-8:25 - "The Struts Vulnerability" - Prashant Venkatesh
+ • 8:25-9:00 - Networking
+ • 9:00 - Doors close
+ '''September 2017 - Intuit'''
+ • 6:30 - Doors open
+ • 6:45-7:15 - "Making Vulnerability Management Less Painful with OWASP DefectDojo" - Greg Anderson
+ • 7:20-7:50 - "Crikey! Pirates Be Lurkin' at the Single Sign-On Watering Hole" - Mike Hunter
+ • 7:55-8:25 - "There's a new sheriff in town: dynamic security group recommendations with Grouper and Dredge" - Kevin Glisson
+ • 8:25-9:00 - Networking
+ • 9:00 - Doors close
+ '''September 2017 - Lending Club'''
+ • 6:30 - Doors open
+ • 6:45-7:25 - "Introducing the OWASP Game Security Framework" - Daniel Miessler
+ • 7:30-8:10 - "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong
+ • 8:10-9:00 - Networking
+ • 9:00 - Doors close
+ '''*Special Event* - September 2017 - Lending Club'''
+ Web Application Penetration Basics (Ty Sbano)
+ '''June 2017 - Lending Club'''
+ • 6:30 - Doors open
+ • 6:45-7:25 - "Introducing the OWASP Game Security Framework" - Daniel Miessler
+ • 7:30-8:10 - "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong
+ • 8:10-9:00 - Networking
+ • 9:00 - Doors close
+ '''May 2017 - Netflix (videos on YouTube)'''
+ • 6:30 - Doors open
+ • 6:45-7:15 - "All your email are belong to us: exploiting vulnerable email clients via domain name collision" - Ilya Nesterov and Maxim Goncharov
+ • 7:20-7:40 - "Attacking & Defending DevOps" - Patrick Thomas
+ • 7:45-8:05 - "LISA - Location Independent Security Approach" - Bryan Zimmer
+ • 8:05-9:00 - Networking and Netflix OSS expo
+ • 9:00 - Doors close
+ '''April 2017 - Pandora (videos on YouTube)'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - "Effective AppSec Metrics" - Caroline Wong
+ • 7:35-8:20 - "IoT Exploitation 101" - Aditya Gupta
+ • 8:25-9:00 - Networking
+ • 9:00 - Doors close
+ '''March 2017 (2) - eBay'''
+ • 6:30 - Doors open
+ • 6:45-7:15 - "Cracking Financial Systems" - John Menerick
+ • 7:20-7:50 - "Hacking Mainframes" - Philip Young
+ • 7:55-8:25 - "Hacking Smart Door Locks with Bluetooth Relay Attacks" - Mike Ryan
+ • 8:25-9:00 - Networking
+ • 9:00 - Doors close
+ '''March 2017 - NetSPI'''
+ • 6:30 - Doors open
+ • 6:45-7:15 - "Cracking Financial Systems" - John Menerick
+ • 7:20-7:50 - "SQL Server Security" - Scott Sutherland
+ • 7:50-9:00 - Networking
+ • 9:00 - Doors close
+ '''January 2017 (2) - Synack'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - Talk 1: Robert Wood - Bringing Red Teaming to the Board Room
+ • 7:45-8:30 - Panel discussion
+ • 8:30+ - Networking
+ • 9:00 - Doors close
+ '''January 2017 - Bleacher Report'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - Talk 1: Robert Wood - Bringing Red Teaming to the Board Room
+ • 7:45-8:30 - Talk 2: Rob Witoff - Security Automation With Immutable Infrastructure
+ • 8:30+ - Networking
+ • 9:00 - Doors close
+ === '''2016 Past Events''' ===
+ '''November (2) 2016 - LinkedIn'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - Talk 1: Rohit Pitke, Mukul Khullar - A Walkthrough on AWS Security Pitfalls
+ • 7:45-8:30 - Talk 2: Scott Behrens - Cleaning Your Applications' Dirty Laundry With Scumblr
+ • 8:30+ - Networking
+ '''November 2016 - Salesforce'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - Talk 1: Will Bengtson and Travis McPeak - Jumpstart a Bandit Program in Your Organization
+ • 7:45-8:30 - Talk 2: Kuba Sendor (@jsendor), Yelp - "Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"
  
- REGISTER EARLY AS SEATING IS LIMITED
- Please RSVP by registering at http://owaspbayarea-feb2010.eventbrite.com/
- == Agenda ==
- 1:00 PM - 1:30 PM ... Check-in, registration, networking
- 1:30 PM - 1:45 PM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera, Bay Area Chapter Leader
- [[Media:OWASP_Mandeep_Khera_BA_July09.pdf]]
- 1:45 PM - 2:30 PM ... Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe, CTO, Cenzic
- [[Media:OWASP-AJAX-Lars-Final.pdf]]
- 2:30 PM - 3:30 PM ... Building a Corp App Security Assessment Program - Rob Jerdonek, Info Security Analyst, Intuit
- [[Media:JerdonekChung_OWASP_July23_2009-public.pdf]]
- 3:30 PM - 4:00 PM ... Networking Break, refreshments
- 4:00 PM - 5:00 PM ... Mastering Session Management - Siva Ram, Lead Security Consultant, AppSec Consulting
- [[Media:Siva Ram-Mastering Session Managment.pdf]]
- 5:00 PM - 6:00 PM ... From Rivals to BFF: WAF & VA Unite - Brian Contos, Chief Security Strategist, Imperva
- [[Media:OWASP Brian Contos WAF and VA July2009 Final PUBLIC.pdf]]
- 6:00 PM - 8:00 PM ... Networking Reception - Food and Drinks!!
- [[Media:OWASP- BayArea-July09-Evaluation.pdf]]
- === Development Issues Within AJAX Applications: How to Divert Threats ===
- AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a software platform for business and consumer applications. Using AJAX development techniques provides software developers with a wide-open platform for creating innovative new Web (2.0) applications. The result is a more readily responsive Web environment which minimizes the "start-stop-start-stop" nature of Web pages, thus increasing the speed and user-interactivity of Web-enabled services.
- However, the open, malleable nature of Web 2.0 also has an often overlooked impact on application security that is not necessarily initially visible to application developers, establishing a relatively easy target for malicious behavior to compromise applications and overall network security. Various security issues arise from a number of sources, thus increasing the attack surface of AJAX applications: client-side security controls often replace server-side data validation, thus creating a false sense of security; so do calls to "hidden" application functionality and URLs; new XML and JavaScript data models, such as JSON, also enable new attack vectors, like JavaScript Hijacking; and the open, easy-to-use nature of so-called Mashups often comes at the price of various security compromises.
- Such threats, however, can be thwarted with the proper implementation of security testing. This session will address the development issues of AJAX applications from a security perspective, looking at how today's common web threats such as SQL injection, Cross Site Scripting, and others are often magnified in an AJAX environment, and it will also explore new threats, such as JavaScript Hijacking. Last but not least, it also provides Best Practices for AJAX application developers that are designed to help manage the security complexities inherent to AJAX development.
- === Building a Corporate Application Security Assessment Program ===
- The talk will discuss Intuit's experiences in building a corporate application security assessment program. Areas of discussion will include tools, processes, and methodologies utilized to conduct effective security assessments of applications in a large global software development corporation.
- === Mastering Session Management ===
- Almost everyone is aware of Cross Site Scripting and SQL Injection vulnerabilities and their impact. Every web application implements session management techniques to maintain context, but application developers do not pay a lot of attention to session management because sessions are usually managed by the application server. Attacks against sessions can result in serious compromises and this presentation will cover some of the most common session management techniques and the attacks that can be launched against sessions. It will also discuss some of the techniques developers can use to protect against session attacks.
- === From Rivals to BFF: WAF & VA Unite ===
- For years there was a debate in the Web application and data security world about which approaches are best - black box, white box, SDLC, VA services/software, Web Application Firewalls (WAF), etc. While it is true that with a limited budget anything can become competitive – a new copy machine versus a new coffee machine – the core value propositions of WAF and VA are distinct and complementary. This presentation will illustrate how integrating these solutions can enable more secure Web application development and operations.
- == About the Speakers ==
- === Lars Ewe ===
- Lars Ewe is the CTO and VP of Engineering of Cenzic. Lars is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.
- === Rob Jerdonek ===
- Rob Jerdonek is a Staff Information Security Analyst at Intuit, working to strengthen application security across all Intuit products and services. Prior to working at Intuit, Rob held positions at Arcot Systems, Netscape, Nortel, and the Center for Information Technology Integration. Rob has a B.S.E. and M.S.E. in Computer Science and Engineering from the University of Michigan, Ann Arbor. Rob is a CISSP, and has earned 4 patents in the field of information security.
- === Siva Ram ===
- Siva is the Lead Security Consultant with AppSec Consulting, an information security services company, of which he is a founder. He has been in the security industry since 2001 and has 5 years of prior application development experience. He specializes in web application security; managing projects that involve performing penetration tests and vulnerability assessments, developing secure coding guidelines and delivering security training in addition to performing PCI-DSS assessments.
- === Brian Contos ===
- Mr. Contos has over fourteen years of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As the chief security strategist for Imperva he advises government organizations, F1000s and G2000s on security strategy related to application and data security while being an evangelist for the security space. He has written two security books, Enemy at the Water Cooler – Real Life Stories of Insider Threats and Physical and Logical Security Convergence, the latter co-authored with the former Deputy Director of the NSA, Bill Crowell. He is an active security blogger, host of the Imperva Security Podcast, and has delivered countless speeches around the globe at shows like RSA, Interop, CSI, and others. He is regarded as a security expert, often quoted by the media, and has written articles for Forbes, the London Times, Computerworld, Sarbanes-Oxley Compliance Journal, SC Magazine and many others. Mr. Contos was formerly at ArcSight where he served as their Chief Security Officer for almost seven years, and has held management and engineering positions at Riptech, Bell Labs, Tandem Computers, and the Defense Information Systems Agency (DISA).
- == RSVP ==
- '''REGISTER EARLY AS SEATING IS LIMITED'''
- http://owaspbajuly09.eventbrite.com
- = Bay Area Past Events =
+ '''September 2016 - Twitter'''
+ • 6:30 - Doors open
+ • 6:45-7:30 - Talk 1: Ron Hamilton, Performance Technology Partners (PTP)
+ • 7:45-8:30 - Talk 2: Luca Carettoni, LinkedIn - Defending against Java Deserialization Vulnerabilities
+ '''June 2016 - Visa'''
+ • 6:30 - Doors open
+ • 6:45 - Talk 1: Secure by Default Stack: Web Application Security Infrastructure - Pritam Mungse, Visa
+ • 7:30 - Break
+ • 7:40 - Talk 2: Research on HTTPS error storage policies - Adrienne Porter Felt, Google
+ • 8:30 - Networking
+ '''May 2016 - Thoughtworks'''
+ • 6:30 - Doors open
+ • 6:45-7:45 - Chris Steipp, Security Team, Wikimedia - How the Wikimedia Foundation promotes security in its open-source projects
+ • 7:50-8:20 - Michael Coates, TISO at Twitter, & Kyle Randolph, Principal Security Engineer at Optimizely - Strategies for growing your AppSec team & influence
+ • 8:20+ - Networking
+ '''April 2016 - Lending Club'''
+ • 6:30 - Doors open
+ • 6:40-7:15 - Joe Rozner, Richard Meester, Prevoty - Sinking Your Hooks in Applications (from AppSecUSA 2015)
+ • 7:20-7:55 - Martin Vigo, Salesforce - Attacks on LastPass (from Black Hat 2015)
+ • 8:00-8:25 - Russell Sherman and Jonathan Carter, Lending Club - Adventures in Running Your Own CTF
+ '''February 2016 - RiskIQ'''
+ === 2015 Past Events ===
+ OWASP AppSecUSA was held in San Francisco in September 2015 - the biggest OWASP conference to date!
+ Chapter meetings can be found on the [http://www.meetup.com/Bay-Area-OWASP/ meetup page]
+ === 2014 Past Events ===
+ * December 2014 - San Francisco @ Mozilla
+ ** OWASP Chapter Meeting in San Francisco hosted by [https://mozilla.org Mozilla]
+ ** Jasvir Nagra, Google - Firing Bots at Bugs
+ ** Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
+ * August 2014 - San Francisco @ Lookout
+ ** OWASP Chapter Meeting in San Francisco hosted by [https://Lookout.com/ Lookout]
+ ** Paul McMillan from Nebula [https://twitter.com/PaulM @PaulM] - Attacking the Internet of Things using Time
+ ** Ben Hagen from Netflix [https://twitter.com/enHagen @BenHagen] - Cloud Security at Scale and What it Means for Your Application
+ * May 2014 - Redwood City @ Evernote
+ ** OWASP Chapter Meeting in Redwood City hosted by [https://Evernote.com/ Evernote]
+ ** Arshad Noor - CTO, StrongAuth
+ ** Rich Tener - Director of Security, Evernote
+ * March 2014 - San Francisco @ Stripe
+ ** OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
+ ** Hosted by [https://stripe.com/ Stripe]
+ * Feb 2014 - San Jose @ Jillian's
+ ** OWASP Developer Training & Social Hour - Monday 2/24/2014
+ ** Hosted by OWASP at Jillian's Billiards Club
+ * Feb 2014 - Special Free Training Event
+ ** OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
+ ** Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
+ * Jan 2014 - San Jose @ F5
+ ** OWASP Social Hour in San Jose - Wednesday 1/22/2014
+ ** Hosted by [http://www.f5.com/ F5]
+ ==== 2013 Past Events ====
+ * Dec 2013 - San Francisco @ Twilio
+ ** OWASP Social Hour in San Francisco - Thursday 12/19/2013
+ ** Hosted by [http://www.twilio.com/ Twilio]
+ * Nov 2013 - San Francisco @ LendingClub
+ ** OWASP Social Hour in San Francisco - Wednesday 11/6/13
+ ** Hosted by [https://www.lendingclub.com/ LendingClub]
+ * Sept 2013 - Mt View @ Shape Security
+ ** OWASP Social Hour in Mountain View - Wednesday 9/25/13
+ ** Hosted by [http://www.shapesecurity.com/ Shape Security]
+ * July 2013 - Berkeley @ UC Berkeley
+ ** OWASP Presentation Meeting
+ ** An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
+ ** "Putting Your Robots to Work", Twitter Security Team
+ ==== Older Events ====
 
[[Bay Area Past Events]]
  
- ==== Bay Area OWASP Chapter Leaders ====
- * [mailto:[email protected] Brian Bertacini]
- * [http://garrettgee.com Garrett Gee]
- * [mailto:mandeep@cenzic.com Mandeep Khera]
- * [mailto:robipapp@yahoo.com Robi Papp]
- __NOTOC__
- <headertabs/>
+ == Bay Area Chapter Leaders ==
+ * Travis McPeak - Chapter Leader
+ * William Bengtson
+ * Brendan Higgins
+ * Aaron Sutter
+ * Christian DeHoyos
+ * Prashant Venkatesh
+ * Leif Dreizler
+ * Tad Whitaker
+ * Astha Singhal
+ * Michael Coates
+ = Stay In Touch =
+ * All events will be listed on this webpage
+ * Keep in touch via Twitter [https://twitter.com/OWASPBayArea @OWASPBayArea] or on [https://www.linkedin.com/groups/OWASP-BayArea-6568682 LinkedIn]
+ * [http://lists.owasp.org/mailman/listinfo/owasp-bayarea Bay Area Mailing List]
+ [[Category:OWASP Chapter]]
+ [[Category:United States]]
 
[[Category:California]]

Latest revision as of 18:23, 14 January 2019

OWASP Bay Area

Welcome to the Bay Area chapter homepage.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now
Highres 469396345.jpg
OWASP Cali.jpg
March 2018.jpg

OWASP-Bay-Area-Aug-2014.png

Picture is @BenHagen talking about cloud security and applications

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The 'Bay Area' is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

Become a Presenter

Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

Link to submit

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.


Chapter Meetings

OWASP Bay Area Meetup - All events can be found here

About Presentation Events

Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

  • Informal security chat - the benefits of "hallway con" and security talk with others in the industry
  • Networking - meet other people in the field and industry
  • After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events. https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]


Past Events

2018 Past Events

March 2018 - AppDynamics

• 6:30 - Doors open

• 7:00-7:30 - HUNT: Data Driven Web Hacking & Manual Testing (JP Villanueva)

• 7:35-8:05 - Detecting suspicious activity: Time-based analysis of DNS traffic (Barak Raz)

• 8:05-9:00 - Networking

March 2018 - Intuit

• 6:30 - Doors open

• 7:00-7:30 New Attacks Against Unencrypted Traffic (Travis Hassloch)

• 7:35-8:05 - "Offensive Defense" - The best defense is a good offense (Stephan Chenette)

• 8:05-9:00 - Networking

*Special Event* - February 2018 - HackerOne

Hacker Thursday - Mobile Application Security

*Special Event* - January 2018 - CircleCI

Hacker Thursday - Application Security Automation with OWASP ZAP 2.7.0

January 2018 - Smyte

• 6:30 - Doors open

• 6:45 - 6:55 News Bites (Lina)

• 7:00-7:30 - Simple is Better: Fighting Online Abuse with Rate Limiter

• 7:35-8:05 - Reporter -> P.I. -> Security Engineer - How Curiosity Led to an InfoSec Career (Tad Whitaker)

• 8:10-8:40 - XXE Vulnerabilities: From the Beginning Till Now (Ivan Novikov)

• 8:40-9:00 - Networking

2017 Past Events

*Special Event* - December 2017 - Shape Security

Hacker Thursday - Unorthodox Security Assessment: OSINT for Intelligent Attacks

Nutan Kumar Panda

December 2017 - Contrast Security

• 6:30 - Doors open

• 6:45-7:00 - Welcome

• 7:00-8:00 - Three Ways of Security (Jeff Williams)

• 8:00-9:00 - Networking and Giveaways!

November 2017 - Credit Karma

• 6:30 - Doors open

• 6:45-7:00 - News with Hardeep Singh

• 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)

• 7:35-8:05 - TLS for Microservices (Michael Cline)

• 8:05-9:00 - Networking

*Special Event* - November 2017 - Credit Karma

Hacker Thursdays: Learn secure coding with a live tournament

Stephen Allor

*Special Event* - October 2017 - ShieldX Networks

Hacker Thursdays:- Dissecting Injection vulnerabilities

Matt Torbin

September 2017 - Distil Networks

• 6:30 Doors Open

• 6:45 - 7:15 "The Great Bot Gift Card Heist" - Kevin Bottomley

• 7:20 - 7:50 "Scaling Application Security with DevSecOps" - Abhay Bhargav

• 7:55 - 8:25 "The Struts Vulnerability" - Prashant Venkatesh

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Intuit

• 6:30 Doors Open

• 6:45 - 7:15 "Making Vulnerability Management Less Painful with OWASP DefectDojo" - Greg Anderson

• 7:20 - 7:50 "Crikey! Pirates Be Lurkin' at the Single Sign-On Watering Hole" - Mike Hunter

• 7:55 - 8:25 "There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge" - Kevin Glisson

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler

• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

*Special Event* - September 2017 - Lending Club

Web Application Penetration Basics

Ty Sbano

June 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 "Introducing the OWASP Game Security Framework" - Daniel Miessler

• 7:30 - 8:10 "Motherhood, Mental Health, and a Career in CyberSecurity" - Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

May 2017 - Netflix (videos on YouTube)

• 6:30 Doors Open

• 6:45 - 7:15 "All you email are belong to us: exploiting vulnerable email clients via domain name collision" - Ilya Nesterov and Maxim Goncharov

• 7:20 - 7:40 "Attacking & Defending DevOps" - Patrick Thomas

• 7:45 - 8:05 "LISA - Location Independent Security Approach" - Bryan Zimmer

• 8:05 - 9 Networking and Netflix OSS expo

• 9 Doors Close

April 2017 - Pandora (videos on YouTube)

• 6:30 Doors Open

• 6:45 - 7:30 "Effective AppSec Metrics" - Caroline Wong

• 7:35 - 8:20 "IoT Exploitation 101" - Aditya Gupta

• 8:25 - 9:00 Networking

• 9:00 Doors Close

March 2017 (2) - eBay

• 6:30 Doors Open

• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick

• 7:20 - 7:50 "Hacking Mainframes" - Philip Young

• 7:55 - 8:25 "Hacking Smart Door Locks with Bluetooth Relay Attacks" - Mike Ryan

• 8:25 - 9 Networking

• 9 Doors Close

March 2017 - NetSPI

• 6:30 Doors Open

• 6:45 - 7:15 "Cracking Financial Systems" - John Menerick

• 7:20 - 7:50 "SQL Server Security" - Scott Sutherland

• 7:50 - 9 Networking

• 9 Doors Close

January 2017 (2) - Synack

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Panel Discussions

• 8:30+ Networking

• 9 Doors Close

January 2017 - Bleacher Report

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Talk 2

Rob Witoff - Security Automation With Immutable Infrastructure

• 8:30+ Networking

• 9 Doors Close

2016 Past Events

November 2016 (2) - LinkedIn

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 (Rohit Pitke, Mukul Khullar - A walkthrough on AWS Security Pitfalls)

• 7:45 - 8:30 Talk 2 (Scott Behrens - Cleaning Your Applications' Dirty Laundry With Scumblr)

• 8:30+ Networking

November 2016 - Salesforce

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 - Will Bengtson and Travis McPeak - Jumpstart a Bandit Program in Your Organization

• 7:45 - 8:30 Talk 2 - Kuba Sendor (@jsendor), Yelp - "Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level"

September 2016 - Twitter

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 - Ron Hamilton, Performance Technology Partners (PTP)

• 7:45 - 8:30 Talk 2 - Luca Carettoni, LinkedIn - Defending Against Java Deserialization Vulnerabilities

June 2016 - Visa

6:30 - Doors Open

6:45 - Talk 1 - Secure by Default Stack: Web Application Security Infrastructure - Pritam Mungse, Visa

7:30 - Break

7:40 - Talk 2 - Research on HTTPS error storage policies, Adrienne Porter Felt, Google

8:30 - Networking

May 2016 - Thoughtworks

• 6:30 Doors Open

• 6:45-7:45 Chris Steipp, Security Team - Wikimedia (How the Wikimedia Foundation promotes security in its open-source projects)

• 7:50 - 8:20 Michael Coates, TISO at Twitter & Kyle Randolph, Principal Security Engineer at Optimizely - Strategies for growing your AppSec team & influence

• 8:20+ Networking

April 2016 - Lending Club

6:30 - Doors Open

6:40 - 7:15 - Joe Rozner, Richard Meester, Prevoty - Sinking Your Hooks in Applications (from AppSecUSA 2015)

7:20 - 7:55 - Martin Vigo, Salesforce - Attacks on LastPass (from BlackHat 2015)

8:00 - 8:25 - Russell Sherman and Jonathan Carter, Lending Club - Adventures in Running Your Own CTF

February 2016 - RiskIQ

2015 Past Events

OWASP AppSecUSA was held in San Francisco in September 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the meetup page.

2014 Past Events

  • December 2014 - San Francisco @ Mozilla
    • OWASP Chapter Meeting in San Francisco hosted by Mozilla
    • Jasvir Nagra, Google - Firing Bots at Bugs
    • Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
  • August 2014 - San Francisco @ Lookout
    • OWASP Chapter Meeting in San Francisco hosted by Lookout
    • Paul McMillan from Nebula @PaulM - Attacking the Internet of Things using Time
    • Ben Hagen from Netflix @BenHagen - Cloud Security at Scale and What it Means for Your Application
  • May 2014 - Redwood City @ Evernote
    • OWASP Chapter Meeting in Redwood City hosted by Evernote
    • Arshad Noor - CTO, StrongAuth
    • Rich Tener - Director of Security, Evernote
  • March 2014 - San Francisco @ Stripe
    • OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
    • Hosted by Stripe
  • Feb 2014 - San Jose @ Jillians
    • OWASP Developer Training & Social Hour - Monday 2/24/2013
    • Hosted by OWASP at Jillian's Billiards Club
  • Feb 2014 - Special Free Training Event
    • OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
    • Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
  • Jan 2014 - San Jose @ F5
    • OWASP Social Hour in San Jose - Wednesday 1/22/2013
    • Hosted by F5

2013 Past Events

  • Dec 2013 - San Francisco @ Twilio
    • OWASP Social Hour in San Francisco - Thursday 12/19/2013
    • Hosted by Twilio
  • Nov 2013 - San Francisco @ LendingClub
    • OWASP Social Hour in Mountain View - Wednesday 11/6/13
    • Hosted by LendingClub
  • Sept 2013 - Mountain View @ Shape Security
    • OWASP Social Hour in Mountain View - Wednesday 9/25/13
    • Hosted by Shape Security
  • July 2013 - Berkeley @ University of California, Berkeley
    • OWASP Presentation Meeting
    • An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
    • "Putting Your Robots to Work", Twitter Security Team

Older Events

Bay Area Past Events

Bay Area Chapter Leaders

  • Travis McPeak - Chapter Leader
  • William Bengtson
  • Brendan Higgins
  • Aaron Sutter
  • Christian DeHoyos
  • Prashant Venkatesh
  • Leif Dreizler
  • Tad Whitaker
  • Astha Singhal
  • Michael Coates

Stay In Touch