|
|
| Line 16: |
Line 16: |
| | |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}} | | |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}} |
| | | | |
| − | '''THANKS TO OUR SPONSORS:'''
| |
| − | '''The Dallas Chapter of OWASP would like to thank Richland College for hosting our meetings.'''
| |
| | | | |
| | == Get Connected and Stay Connected == | | == Get Connected and Stay Connected == |
| Line 36: |
Line 34: |
| | === Announcements === | | === Announcements === |
| | | | |
| − | == October Meeting == | + | == November Meeting == |
| | | | |
| − | '''When:''' Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM | + | '''When:''' Tuesday, November 17th, 2015 from 5:30 PM – ?:?? PM |
| | | | |
| − | '''Topic: ''' Anatomy of a Logic Flaw | + | '''Topic: ''' OWASP Dallas Happy Hour |
| | | | |
| − | Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevention. On the other hand, logic flaws are incredibly diverse and often unique to the specific application or business organization. Because of this, logic flaws have taken on a near mythical status. In the myth, logic flaws are nearly impossible to find until the elite of the elite hackers launch an attack to completely own the application.
| + | We'll have a reserved high-top table in front of the bar. |
| | | | |
| − | The reality is far different; logic flaws are not the complex nightmare that many have made them out to be. This presentation will use real-world examples to show how logic flaws are typically introduced into an application, how they can be consistently detected during testing, and how they can be prevented during development. Instead of hoping for magic, repeatable processes will be outlined for each of those items. This will prove beneficial to anyone responsible for application security: programmers, architects, managers, and pen testers.
| + | We've had some great turnouts at our last 2 meetings and there have been a lot of new faces. We wanted to finish the year strong by giving everyone a chance to hang out and get to know one another. There won't be a specific topic presented at this meeting, but if you have suggestions, feedback, comments, etc. We'd love to hear them as we start our planning for 2016. |
| | | | |
| − | '''Who:''' Charles Henderson is the Vice President of Managed Security Testing at Trustwave. He has been in the information security industry for over twenty years. Over that time, he and his teams have specialized in network penetration testing, application penetration testing, physical security testing, and incident response. His team's clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture. Henderson routinely speaks at various conferences (including Black Hat, DEF CON, RSA, SOURCE, OWASP AppSec USA and Europe, FROC, and Merchant Risk Council) around the world on various subject matters relating to security testing and incident response.
| + | This meeting will be sponsored by Qualys. Thank you! |
| | | | |
| − | '''Where:''' 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room. | + | '''Where:''' Mexican Sugar at Shops at Legacy - 7501 Lone Star Drive, Suite 8150, Plano, TX |
| | | | |
| − | http://meetu.ps/2MTthZ | + | http://meetu.ps/2QqkZg |
| | | | |
| | | | |
| | === Previous Meetings === | | === Previous Meetings === |
| | + | |
| | + | == October Meeting == |
| | + | '''When:''' Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM |
| | + | |
| | + | '''Topic: ''' Anatomy of a Logic Flaw |
| | + | |
| | + | '''Who:''' Charles Henderson is the Vice President of Managed Security Testing at Trustwave. |
| | + | |
| | + | '''Where:''' 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room. |
| | | | |
| | == September Meeting == | | == September Meeting == |
| Line 123: |
Line 130: |
| | | | |
| | [http://www.richlandcollege.edu/map/ Map] | | [http://www.richlandcollege.edu/map/ Map] |
| − |
| |
| − | == November Meeting ==
| |
| − | '''When:''' Wednesday November 7, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape
| |
| − |
| |
| − | '''Who:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | == October Meeting ==
| |
| − | '''When:''' Wednesday October 3, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' Exploitation Techniques and Mitigation
| |
| − |
| |
| − | '''Who:''' James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | == September Meeting ==
| |
| − | '''When:''' Wednesday September 12, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' The Importance of Application Security.
| |
| − |
| |
| − | '''Who:''' Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | == August Meeting ==
| |
| − | '''When:''' Wednesday August 1, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.
| |
| − |
| |
| − | '''Who:''' Derek Soeder, founder, Ridgeway Internet Security
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | '''Slides''': [[Media:Malicious Math - Final.pptx]]
| |
| − |
| |
| − | == July Meeting ==
| |
| − | '''When:''' Wednesday July 11, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' Reinventing Dynamic Testing: Real-Time Hybrid
| |
| − |
| |
| − | '''Who:''' Adam Hils; Senior Product Manager HP Enterprise Security Products
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | == June Meeting ==
| |
| − | '''When:''' Wednesday June 6, 2012 from 11:30 AM – 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' Is There An End to Testing Ourselves Secure?
| |
| − |
| |
| − | '''Who:''' Rohit Sethi; Vice President, Product Development, SD Elements
| |
| − |
| |
| − | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
| |
| − |
| |
| − | [http://www.richlandcollege.edu/map/ Map]
| |
| − |
| |
| − | == May Meeting ==
| |
| − |
| |
| − | '''When:''' Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM
| |
| − |
| |
| − | '''Topic: ''' OWASP and PCI DSS Requirement 6.5
| |
| − |
| |
| − | OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.
| |
| − |
| |
| − | '''Who:''' Tony Gunn; Director of Security Operations for McAfee
| |
| − |
| |
| − | '''Where:'''
| |
| − | North Lake College (Central Campus)
| |
| − | 5001 N. MacArthur Blvd.
| |
| − | Irving, TX 75038
| |
| − | Phone: 972-273-3000
| |
| − | Building: A
| |
| − | Room: 206
| |
| − |
| |
| − | [http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
| |
| − |
| |
| − | == March Meeting ==
| |
| − |
| |
| − | '''When:''' March 7, 2012, 11:30am - 1:00pm
| |
| − |
| |
| − | '''Topic: ''' AAA for Hybrid Cloud Environment
| |
| − |
| |
| − | During this session, presented by Symplified, we will explore four areas of interest.
| |
| − |
| |
| − | Web, SaaS, Mobile Application Adoption
| |
| − | Protecting sensitive data
| |
| − | WAM for the Public Cloud
| |
| − | Identity Sprawl
| |
| − |
| |
| − | '''Who:''' Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.
| |
| − |
| |
| − | '''Where:'''
| |
| − | North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038
| |
| − | Phone: 972-273-3000
| |
| − | Building: A
| |
| − | Room: 206
| |
| − |
| |
| − | [http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
| |
| − |
| |
| − | == February Meeting ==
| |
| − |
| |
| − | '''When:''' February 1, 2012, 11:30am - 1:00pm
| |
| − |
| |
| − | '''Topic: ''' Web Application Vulnerability Testing with Nessus
| |
| − |
| |
| − | '''Who:''' Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
| |
| − |
| |
| − | '''Where:'''
| |
| − | SMU
| |
| − | Caruth Hall
| |
| − | Palmer Conference Center / 406 Caruth Hall
| |
| − | 3145 Dyer Street
| |
| − | Dallas, Texas 75205
| |
| − |
| |
| − | [http://smu.edu/maps/campus.asp Map]
| |
| − | (Caruth Hall is building 44 on the campus map link.)
| |
| − |
| |
| − | == January Meeting ==
| |
| − |
| |
| − | '''When:''' January 11, 2012, 11:30am - 1:00pm
| |
| − |
| |
| − | '''Topic: ''' OWASP TOP 10
| |
| − |
| |
| − | Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.
| |
| − |
| |
| − | '''Who:''' Matt Parsons, VP Parsons Software Security Consulting
| |
| − |
| |
| − | '''Where:'''
| |
| − | North Lake College (Central Campus)
| |
| − | 5001 N. MacArthur Blvd.
| |
| − | Irving, TX 75038
| |
| − | Phone: 972-273-3000
| |
| − | Building: G
| |
| − | Room: 405
| |
| − |
| |
| − | [http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
| |
| − |
| |
| − |
| |
| − | ==== Presentation Archives ====
| |
| − |
| |
| − | == November 7, 2012 ==
| |
| − |
| |
| − | '''Title: ''' Internet Security Threat Report
| |
| − |
| |
| − | '''Speaker:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
| |
| − |
| |
| − | '''Slides''':
| |
| − | [[Media:Symantec_ISTR_17.pdf]]
| |
| − |
| |
| − | ==February 1, 2012==
| |
| − |
| |
| − | '''Title''': Web Application Vulnerability Testing with Nessus
| |
| − |
| |
| − | '''Speaker''': Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
| |
| − |
| |
| − | '''Slides''':
| |
| − | [[Media:Web Application Vul Testing with Nessus 2012.02.01.pdf]]<br>
| |
| − | [[Media:OWASP Broken Web Applications 2012.02.01.pdf]]
| |
| − |
| |
| − | ==January 11, 2012==
| |
| − |
| |
| − | '''Title''': OWASP TOP 10
| |
| − |
| |
| − | '''Speaker''': Matt Parsons, VP Parsons Software Security Consulting
| |
| − |
| |
| − | '''Slides''': [[Media:OWASPtopTen.pdf]]
| |
| | | | |
| | | | |
Revision as of 18:21, 6 November 2015
OWASP Dallas
Welcome to the Dallas chapter homepage. The chapter leaders are
Chapter Lead- Matt Parsons
Hospitality/Facilities Lead- Rik Jones
Web Lead- Jeromme Lawler
Board Member- Denis Sheridan
Board Member- Steve Horstman
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
Get Connected and Stay Connected
In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.
Click any of the links below to visit the corresponding Dallas OWASP social networking groups:
Announcements
November Meeting
When: Tuesday, November 17th, 2015 from 5:30 PM – ?:?? PM
Topic: OWASP Dallas Happy Hour
We'll have a reserved high-top table in front of the bar.
We've had some great turnouts at our last 2 meetings and there have been a lot of new faces. We wanted to finish the year strong by giving everyone a chance to hang out and get to know one another. There won't be a specific topic presented at this meeting, but if you have suggestions, feedback, comments, etc. We'd love to hear them as we start our planning for 2016.
This meeting will be sponsored by Qualys. Thank you!
Where: Mexican Sugar at Shops at Legacy - 7501 Lone Star Drive, Suite 8150, Plano, TX
http://meetu.ps/2QqkZg
Previous Meetings
October Meeting
When: Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM
Topic: Anatomy of a Logic Flaw
Who: Charles Henderson is the Vice President of Managed Security Testing at Trustwave.
Where: 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room.
September Meeting
When: Thursday September 17th, 2015 from 5:30PM – 6:30 PM
Topic: Application Security Trends
Who: Stephen Pasco is a Vice President of Application Risk at Goldman Sachs
Where: 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room.
May Meeting
When: Wednesday May 6, 2015 from 11:30 AM – 1:00 PM
Topic: The Future of Mobile Payments: Secure Mobile Architecture
Who: Denis M. Sheridan is a Managing Consultant at Cigital.
Where: North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215
October Meeting
When: Wednesday October 1, 2014 from 11:30 AM – 1:00 PM
Topic: Succeeding with Enterprise Software Security Key Performance Indicators
Who: Rafal Los, Director, Office of the CISO
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
March Meeting
When: Wednesday March 5, 2014 from 11:30 AM – 1:00 PM
Topic: OWASP Dallas basic Python tutorial
Who: Matt Parsons, CISSP MSM
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
September Meeting
When: Wednesday September 11, 2013 from 11:30 AM – 1:00 PM
Topic: PCI Mobile Payment Acceptance Security Guidelines for Developers
Who: Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
Slides: Media:Dallas OWASP 9-11-2013.pdf
May Meeting
When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM
Topic: Implementation Patterns for Software Security Programs
Who: Dan Cornell, Principal, Denim Group
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
Map
February Meeting
When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM
Topic: Using Webappsec Vulns to Break Censorship
Who: Robert Hansen, a.k.a. rsnake
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
Map
