|
|
| Line 7: |
Line 7: |
| | === Next Event === | | === Next Event === |
| | | | |
| − | November 30, 2011
| + | Please stay tuned...there is interest in holding an East Bay meeting in February or March 2012! |
| − | | |
| − | Stanford Campus, Alumni Center, Lane/Ladato rooms<br>
| |
| − | Directions: http://www.stanfordalumni.org/aboutsaa/alumni_center/directions.html<br>
| |
| − | Parking will be available on Galvez field right next to the center.<br>
| |
| − | '''Agenda'''
| |
| − | | |
| − | 5:30pm - Welcome
| |
| − | | |
| − | 5:40pm - Jason Chan, Practical Cloud Security [[Media:JasonChan-PracticalCloudSecurity.pdf | Slides]]
| |
| − | | |
| − | 6:15pm - Luca Carettoni, From CVE-2010-0738 to the recent JBoss worm [http://www.matasano.com/research/OWASP3011_Luca.pdf Slides]
| |
| − | | |
| − | 6:50pm - David Fifield, Evading censorship with browser-based proxies [[Media:Davidfifield-FlashProxy.pdf|Slides]]
| |
| − | | |
| − | 7:25pm - Abraham Kang, DOM-based XSS and output encoding [[Media:AbrahamKang-DOMBasedXSS.pptx|Slides]]
| |
| − | | |
| − | '''You must RSVP''' at http://owaspbayareanov2011.eventbrite.com/ prior to attending, we need to know how many people are coming to make sure we have the correct room sizing.
| |
| − | | |
| − | ----
| |
| − | | |
| − | '''Jason Chan - Practical Cloud Security''' Over the past several years, there has been much hand wringing and teeth gnashing related to public cloud security. Because of this, many organizations have limited or delayed their cloud usage. Faced with business and market imperatives that demanded scale and elasticity that traditional data center architectures could not provide, Netflix jumped head first into the public cloud two years ago. As we continue to mature our environment, we’ve also begun leveraging the benefits of the public cloud to enhance our security posture and capabilities. This presentation will be a practical examination of Netflix’s approach to cloud security. Topics covered include: • Using public cloud automation and APIs to enhance security visibility • Netflix’s “Security Monkey” tool for cloud security monitoring and alerting • Inter-host reachability and connectivity analysis for firewall policy evaluation and optimization • Netflix’s model-driven architecture for securing and managingsystems and applications • Call to action: Cloud Security Gap Analysis and Next Steps
| |
| − | | |
| − | '''Luca Carettoni - From CVE-2010-0738 to the recent JBoss worm''' Being a widely deployed enterprise application server, JBoss has always been a juicy target for attackers. Security vulnerabilities and misconfigurations in critical components, such as the infamous JMX-console, can be exploited in order to execute arbitrary code and harm the confidentiality, integrity and availability of the entire system. Our quick journey through JBoss insecurity will start from the analysis of a critical authentication bypass flaw to the recent JBoss worm which affected numerous installations worldwide. This presentation will also cover practical aspects on how to detect misconfigurations and secure your application server.
| |
| − | | |
| − | '''David Fifield - Evading censorship with browser-based proxies''' Proxy systems like Tor and VPNs can be used to get around Internet censorship and access blocked resources, but what happens when the circumvention system itself is blocked? A flash proxy is a miniature proxy that runs in a web browser, that can be activated just by viewing a web page. Web site visitors provide a large and constantly changing pool of proxy addresses that are difficult to block. Even though each proxy may last only seconds or minutes, it is possible to switch between them in a way that makes web browsing more or less seamless. We will share details of our flash proxy implementation and explain how to add a proxy to your web page.
| |
| − | | |
| − | '''Abraham Kang - DOM-based XSS and output encoding''' An interactive presentation that intends to turn all of the listeners of the presentation into XSS experts and help them understand how to mitigate XSS properly using output encoding.
| |
| − | | |
| − | === Previous Event ===
| |
| − | | |
| − | '''WHAT''': OWASP Silicon Valley Chapter Meeting
| |
| − | | |
| − | '''WHEN''': Thursday, August 25th, 2011 - From 6 PM to 8.30 PM
| |
| − | | |
| − | '''WHERE''': Mozilla Foundation Offices - 650 Castro Street, Unit 300, Mountain View , CA 94041
| |
| − | | |
| − | (right next to Starbucks)
| |
| − | | |
| − | REGISTER EARLY AS SEATING IS LIMITED
| |
| − | | |
| − | Please RSVP by registering at http://www.regonline.com/owaspsiliconvalleychaptermeeting
| |
| − | | |
| − | Agenda:
| |
| − | * 6:00 PM - 6:30 PM .............Check-in, registration, networking
| |
| − | * 6:30 PM – 6:35 PM ........... Welcome Remarks/Agenda - Mandeep Khera
| |
| − | * 6:35 PM - 7:45 PM ............ Enabling Browser Security in Web Applications- Michael Coates, Mozilla
| |
| − | * 7:45 PM – 8:30 PM…......... Blackhat spam SEO - Julien Sobrier, Zscaler
| |
| − | | |
| − | '''SPONSORS''': Special Thanks to our host and sponsor - Mozilla Foundation.
| |
| | | | |
| | | | |
Welcome to the Bay Area chapter homepage.
Please stay tuned...there is interest in holding an East Bay meeting in February or March 2012!
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
