This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Long Island"
| Line 1: | Line 1: | ||
| − | {{Chapter Template|chaptername=Long Island | extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-longisland | emailarchives=http://lists.owasp.org/pipermail/owasp-longisland }} | + | {{Chapter Template|chaptername=Long Island | extra= | mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-longisland | emailarchives=http://lists.owasp.org/pipermail/owasp-longisland }} |
| − | <paypal>Long Island</paypal> | + | <paypal>Long Island</paypal> |
| + | <br> Educational Supporter: {{MemberLinks|link=http://www.adelphi.edu|logo=AdelphiLogo-150x64.png}} | ||
| − | + | ==== News & Chapter Meeting ==== | |
| − | + | '''UPDATED ''' <br> Please be advised the location for the May 15 meeting has been changed. <br> <br> Our Next meeting will be held on: | |
| − | ''' UPDATED ''' <br> | + | |
| − | Please be advised the location for the May 15 meeting has been changed. | + | *Date: Sunday, May 15, 2011 |
| + | *Time: 12:30pm - 3:30pm | ||
| + | *Location: University Club Facility at David Mack Hall, Hosftra University, Hempstead, NY 11549-1000 | ||
| + | *Topics: TBD <br> | ||
<br> | <br> | ||
| − | + | [https://www.regonline.com/builder/site/?eventid=969356 Register] <br> | |
| − | + | ||
| − | + | ||
| − | + | <br><br> Directions to Hofstra University (It is just off of Hempstead Turnpike): From Meadowbrook Parkway - Going West on Hempstead Turnpike (Route 24), go to the 3rd traffic light and make a right through the main entrance to Hofstra. It is the first building on the right. The parking lot is on the side of the building. [http://maps.google.com/maps?hl=en&biw=1219&bih=809&um=1&ie=UTF-8&cid=0,0,18137204279734354163&fb=1&hq=hofstra+university&hnear=Old+Westbury,+NY&gl=us&daddr=Hofstra+University,+Hempstead,+NY+11549-1000&geocode=1582588550823583642,40.714111,-73.600523&ei=1ZixTb2EOeTs0gH3m7SLCQ&sa=X&oi=local_result&ct=directions-to&resnum=2&ved=0CB8QngIwAQ Map] | |
| − | |||
| − | <br><br> | ||
| − | Directions to Hofstra University (It is just off of Hempstead Turnpike): | ||
| − | From Meadowbrook Parkway - Going West on Hempstead Turnpike (Route 24), go to the 3rd traffic light and make a right through the main entrance to Hofstra. | ||
| − | [http://maps.google.com/maps?hl=en&biw=1219&bih=809&um=1&ie=UTF-8&cid=0,0,18137204279734354163&fb=1&hq=hofstra+university&hnear=Old+Westbury,+NY&gl=us&daddr=Hofstra+University,+Hempstead,+NY+11549-1000&geocode=1582588550823583642,40.714111,-73.600523&ei=1ZixTb2EOeTs0gH3m7SLCQ&sa=X&oi=local_result&ct=directions-to&resnum=2&ved=0CB8QngIwAQ Map] | ||
| Line 24: | Line 23: | ||
| − | <center>If you join our [http://lists.owasp.org/mailman/listinfo/owasp-longisland mailing list], then you will receive details of the meeting as soon as they are finalized.</center> | + | <br> |
| − | <center>To be a co-sponsor for this or a future meeting consider [http://www.owasp.org/index.php/Membership annual chapter sponsorship]</center> | + | <center>If you join our [http://lists.owasp.org/mailman/listinfo/owasp-longisland mailing list], then you will receive details of the meeting as soon as they are finalized.</center> <center>To be a co-sponsor for this or a future meeting consider [http://www.owasp.org/index.php/Membership annual chapter sponsorship]</center> <center>If you can host an upcoming meeting please contact a [http://www.owasp.org/index.php?title=Long_Island&action=submit#tab=Chapter_Leaders.2FContacts LI board member].</center> |
| − | <center>If you can host an upcoming meeting please contact a [http://www.owasp.org/index.php?title=Long_Island&action=submit#tab=Chapter_Leaders.2FContacts LI board member].</center> | + | <br> |
| + | ==== Calendar ==== | ||
| + | |||
| + | '''2011 Meeting Schedule''' <br> ''The information on this page is subject to change'' <br><br> Sunday, May 15 <br> | ||
| + | |||
| + | *Time: 12:30pm-3:30pm <br> | ||
| + | *Location: Hofstra University <br> | ||
| + | *Topics: TBD <br> | ||
| + | |||
| + | <br> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
---- | ---- | ||
| − | <br> | + | |
| − | Sunday, July 17 <br> | + | <br> Sunday, July 17 <br> |
| − | * Time: 12:30pm-3:30pm <br> | + | |
| − | * Location: TBD <br> | + | *Time: 12:30pm-3:30pm <br> |
| − | * Topics: TBD <br> | + | *Location: TBD <br> |
| − | <br> | + | *Topics: TBD <br> |
| + | |||
| + | <br> | ||
| + | |||
---- | ---- | ||
| − | <br> | + | |
| − | Sunday, September 18 <br> | + | <br> Sunday, September 18 <br> |
| − | * Time: 12:30pm-3:30pm <br> | + | |
| − | * Location: TBD <br> | + | *Time: 12:30pm-3:30pm <br> |
| − | * Topics: TBD <br> | + | *Location: TBD <br> |
| − | <br> | + | *Topics: TBD <br> |
| + | |||
| + | <br> | ||
---- | ---- | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | <br> Sunday, November 13 | ||
| + | |||
| + | *Time: 12:30pm-3:30pm <br> | ||
| + | *Location: TBD <br> | ||
| + | *Topics: TBD <br> | ||
| + | |||
| + | <br> | ||
| + | |||
| + | <br> | ||
| + | |||
| + | ==== Past Meetings ==== | ||
| − | + | '''March Meeting''' <br> '''Date:''' 3/27/2011 Sunday<br> '''Time:''' 12pm-3pm<br> '''Place:''' 2nd Floor, Jericho Public Library, 1 Merry Lane, Jericho, New York 11753 <br> <br><br> Rajendra Umadas, OWASP Member<br> | |
| − | ''' | + | '''Intro to the OWASP Mobile Project''' |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | The OWASP Mobile Project is in its infancy, but has generated a lot of interest in the security and mobile development communities. Recently, delegates at the OWASP Summit in Portugal started laying the ground work to help guide the project through its inaugural year. One of the objectives for this year will be to ratify the current, unofficial OWASP Mobile Top 10 List. This presentation will do a deep dive into the current list, citing real world examples of insecure mobile applications. | |
| − | |||
| − | The OWASP Mobile Project is in its infancy, but has generated a lot of interest in the security and mobile development communities. Recently, delegates at the OWASP Summit in Portugal started laying the ground work to help guide the project through its inaugural year. One of the objectives for this year will be to ratify the current, unofficial OWASP Mobile Top 10 List. This presentation will do a deep dive into the current list, citing real world examples of insecure mobile applications. | ||
| − | <br><br> | + | <br><br> [http://pentest.cryptocity.net/blog/ Dan Guido], OWASP NY/NJ Board Member |
| − | [http://pentest.cryptocity.net/blog/ Dan Guido], OWASP NY/NJ Board Member | ||
| − | + | '''The Exploit Intelligence Project''' | |
| − | In 2011, mass malware is still the most common source of compromise on | + | In 2011, mass malware is still the most common source of compromise on corporate networks. Bots like Zeus, Gozi, and Clampi successfully infect devices despite organizations carefully managing disclosed vulnerabilities and subscribing to detailed analysis of the latest malware families. Existing efforts at malware prevention focus broadly on vulnerabilities and their impact yet ignore the means by which they are exploited and the motivations, opportunities and capabilities of attackers, which has allowed this problem to become worse year-after-year. |
| − | corporate networks. Bots like Zeus, Gozi, and Clampi successfully | ||
| − | infect devices despite organizations carefully managing disclosed | ||
| − | vulnerabilities and subscribing to detailed analysis of the latest | ||
| − | malware families. Existing efforts at malware prevention focus broadly | ||
| − | on vulnerabilities and their impact yet ignore the means by which they | ||
| − | are exploited and the motivations, opportunities and capabilities of | ||
| − | attackers, which has allowed this problem to become worse | ||
| − | year-after-year. | ||
| − | In this talk, I introduce an intelligence-driven approach to malware | + | In this talk, I introduce an intelligence-driven approach to malware defense, focusing on attacker's capabilities and methods, with data collected from the most popular crimeware packs currently deployed in-the-wild. This analysis identifies the means by which exploits are developed and selected for inclusion in crimeware packs, identifies defenses that are outside the capability of malware exploit writers to bypass, and helps attendees evaluate not just the exploitability, but the probability of a vulnerability being exploited. This study shows that, until crimeware packs substantially advance in sophistication, only a few simple defensive tactics are required to protect users from such opportunistic threats. |
| − | defense, focusing on attacker's capabilities and methods, with data | ||
| − | collected from the most popular crimeware packs currently deployed | ||
| − | in-the-wild. This analysis identifies the means by which exploits are | ||
| − | developed and selected for inclusion in crimeware packs, identifies | ||
| − | defenses that are outside the capability of malware exploit writers to | ||
| − | bypass, and helps attendees evaluate not just the exploitability, but | ||
| − | the probability of a vulnerability being exploited. This study shows | ||
| − | that, until crimeware packs substantially advance in sophistication, | ||
| − | only a few simple defensive tactics are required to protect users from | ||
| − | such opportunistic threats. | ||
| + | <br> <br><br> [http://www.linkedin.com/pub/ryan-behan/9/746/a12 Ryan Behan], OWASP LI Board Member <br> [http://www.linkedin.com/in/blakecornell Blake Cornell], OWASP Board Member NY/NJ/LI | ||
| − | + | '''[http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project WebScarab] Demo / Web Vulnerabilities Intro''' WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab. | |
| − | [http://www. | ||
| − | |||
| − | |||
| − | + | In this demo we'll use WebScarab against some emulated vulnerabilities developed by Blake Cornell. | |
| − | |||
| − | + | <br> | |
| + | ''Free pizza and beverage will be provided. After event networking will be held at a local bar.''<br><br> | ||
| + | <br> | ||
| − | + | ==== Chapter Board Members/Contacts ==== | |
| + | *[mailto:[email protected] Helen Gao, CISSP] | ||
| + | *[mailto:[email protected] Ryan C Behan] | ||
| + | *[mailto:[email protected] Blake Cornell] 212-202-6704 | ||
| + | __NOTOC__ <headertabs /> | ||
| − | ==== | + | == External Links == |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | *[http://www.youtube.com/user/AppsecTutorialSeries AppSec Tutorial on YouTube] | |
| − | * [http://www.youtube.com/user/AppsecTutorialSeries AppSec Tutorial on YouTube] | + | *[http://www.owasp.org/index.php/OWASP_Training#tab=Videos_.26_Pictures OWASP video and photos] |
| − | * [http://www.owasp.org/index.php/OWASP_Training#tab=Videos_.26_Pictures OWASP video and photos] | + | *[http://www.owasp.org/index.php/Industry:Citations Industry Citations] |
| − | * [http://www.owasp.org/index.php/Industry:Citations Industry Citations] | + | *[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 for 2010 was released on April 19, 2010] |
| − | * [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 for 2010 was released on April 19, 2010] | ||
Revision as of 01:13, 24 April 2011
OWASP Long Island
Welcome to the Long Island chapter homepage.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
<paypal>Long Island</paypal>
Educational Supporter: 
News & Chapter Meeting
UPDATED
Please be advised the location for the May 15 meeting has been changed.
Our Next meeting will be held on:
- Date: Sunday, May 15, 2011
- Time: 12:30pm - 3:30pm
- Location: University Club Facility at David Mack Hall, Hosftra University, Hempstead, NY 11549-1000
- Topics: TBD
Directions to Hofstra University (It is just off of Hempstead Turnpike): From Meadowbrook Parkway - Going West on Hempstead Turnpike (Route 24), go to the 3rd traffic light and make a right through the main entrance to Hofstra. It is the first building on the right. The parking lot is on the side of the building. Map
Calendar
2011 Meeting Schedule
The information on this page is subject to change
Sunday, May 15
- Time: 12:30pm-3:30pm
- Location: Hofstra University
- Topics: TBD
Sunday, July 17
- Time: 12:30pm-3:30pm
- Location: TBD
- Topics: TBD
Sunday, September 18
- Time: 12:30pm-3:30pm
- Location: TBD
- Topics: TBD
Sunday, November 13
- Time: 12:30pm-3:30pm
- Location: TBD
- Topics: TBD
Past Meetings
March Meeting
Date: 3/27/2011 Sunday
Time: 12pm-3pm
Place: 2nd Floor, Jericho Public Library, 1 Merry Lane, Jericho, New York 11753
Rajendra Umadas, OWASP Member
Intro to the OWASP Mobile Project
The OWASP Mobile Project is in its infancy, but has generated a lot of interest in the security and mobile development communities. Recently, delegates at the OWASP Summit in Portugal started laying the ground work to help guide the project through its inaugural year. One of the objectives for this year will be to ratify the current, unofficial OWASP Mobile Top 10 List. This presentation will do a deep dive into the current list, citing real world examples of insecure mobile applications.
Dan Guido, OWASP NY/NJ Board Member
The Exploit Intelligence Project
In 2011, mass malware is still the most common source of compromise on corporate networks. Bots like Zeus, Gozi, and Clampi successfully infect devices despite organizations carefully managing disclosed vulnerabilities and subscribing to detailed analysis of the latest malware families. Existing efforts at malware prevention focus broadly on vulnerabilities and their impact yet ignore the means by which they are exploited and the motivations, opportunities and capabilities of attackers, which has allowed this problem to become worse year-after-year.
In this talk, I introduce an intelligence-driven approach to malware defense, focusing on attacker's capabilities and methods, with data collected from the most popular crimeware packs currently deployed in-the-wild. This analysis identifies the means by which exploits are developed and selected for inclusion in crimeware packs, identifies defenses that are outside the capability of malware exploit writers to bypass, and helps attendees evaluate not just the exploitability, but the probability of a vulnerability being exploited. This study shows that, until crimeware packs substantially advance in sophistication, only a few simple defensive tactics are required to protect users from such opportunistic threats.
Ryan Behan, OWASP LI Board Member
Blake Cornell, OWASP Board Member NY/NJ/LI
WebScarab Demo / Web Vulnerabilities Intro WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
In this demo we'll use WebScarab against some emulated vulnerabilities developed by Blake Cornell.
Free pizza and beverage will be provided. After event networking will be held at a local bar.
Chapter Board Members/Contacts
- Helen Gao, CISSP
- Ryan C Behan
- Blake Cornell 212-202-6704
