|
|
| Line 44: |
Line 44: |
| | ==== Announcements ==== | | ==== Announcements ==== |
| | | | |
| − | == September Meeting == | + | == October Meeting == |
| − | '''When:''' Wednesday September 12, 2012 from 11:30 AM – 1:00 PM (Note the date change due to holiday) | + | '''When:''' Wednesday October 3, 2012 from 11:30 AM – 1:00 PM |
| − | | |
| | | | |
| − | '''Topic: ''' The Importance of Application Security.
| |
| | | | |
| − | This presentation demonstrates how important application security is to the overall stability and security of the infrastructure and the ultimately, the business. Presented from the Information Security Officer/Risk Manager point of view, it shows how a strong information security program reduces levels of reputational, operational, legal, and strategic risk by limiting vulnerabilities, increasing stability, and maintaining customer confidence and trust. It focuses on the top concerns of risk managers and how application security fits into the overall risk management process. The presenter will also introduce a cheat sheet that can be used by developers, auditors, and CISOs to increase compliance and stability.
| + | '''Topic: ''' Exploitation Techniques and Mitigation |
| | | | |
| | + | The topic will be covering exploitation techniques and mitigation. The presentation will cover different types of attacks, along with source code examples of the insecure code. The speaker will be covering exploit development techniques and tools. He will also discuss how attackers can bypass exploit mitigation techniques, and how developers can use this knowledge to develop more secure code. |
| | | | |
| − | '''Who:''' Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC
| |
| | | | |
| − | Mr. Perfetti has been working in information security for fifteen years. Currently he is the Director of Security Services and Operations at IMPACT Security LLC of Dallas, Texas. He has been involved in IT Security for the financial services industry for ten years where he has worked as an Information Security Officer as well as having been responsible for vulnerability and threat management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager of Systems Administration and was the Director of IT Risk Management for the National Basketball Association. He has a broad range of experience in both operations and security. Mr. Perfetti provided governance and guidance over risk and compliance issues for the Americas region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities were primarily to manage the risk for infrastructure related technology and operations. Other duties included audit, business continuity, investigations, and security operations oversight. He was head of IT Security & Governance at Tygris Commercial Finance. He was formerly the VP of the NY/NJ Metro Chapter of OWASP and also served on the IT Security Advisory Board for the Technology Manager's Forum in New York City. Mr. Perfetti's accomplishments have been discussed in two books on achieving high performing, stable, and secure infrastructure. Currently Mr. Perfetti is at IMPACT Security LLC, a private security company, that specializes in Vulnerability & Risk Assessment; Incident & Audit Response, Prevention, and Recovery; as well as developing, enhancing, and implementing Security and Risk Management programs.
| + | '''Who:''' James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc |
| | | | |
| | + | James McFadyen works as an Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc.. He is active at the University of Texas at Dallas Computer Security Group, where he does research reverse engineering, web application security, cryptography and exploitation. He has been researching exploit development for over 3 years. He is a member of blacksecurity, a Dallas security group. |
| | | | |
| | | | |
| Line 77: |
Line 76: |
| | | | |
| | | | |
| − | == August Meeting == | + | == September Meeting == |
| − | '''When:''' Wednesday August 1, 2012 from 11:30 AM – 1:00 PM | + | '''When:''' Wednesday September 12, 2012 from 11:30 AM – 1:00 PM |
| | | | |
| | + | '''Topic: ''' The Importance of Application Security. |
| | | | |
| − | '''Topic: ''' Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web. | + | '''Who:''' Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC |
| | | | |
| − | Math is hard. So when math is responsible for ensuring the performance and security of Web servers, unsafely implemented algorithms can lead to some hilarious misadventures--just add adversary! In this presentation, we'll cover the following relatively recent, public examples of computational and cryptographic mischief:
| + | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118 |
| | | | |
| − | * Hash collision denial of service vs ASP.NET
| + | [http://www.richlandcollege.edu/map/ Map] |
| − | * MD5 collision rogue certificate
| |
| − | * Debian weak SSL keys
| |
| − | * Insufficient RSA key randomness ("Ron was wrong, Whit is right")
| |
| − | * BEAST client-side SSL attack
| |
| − | * Padding oracle decryption (POET) vs ASP.NET
| |
| | | | |
| − | Despite the subject matter, the presentation is not especially technical (nor mathematical), and it features demonstrations where possible.
| + | == August Meeting == |
| | + | '''When:''' Wednesday August 1, 2012 from 11:30 AM – 1:00 PM |
| | | | |
| | + | '''Topic: ''' Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web. |
| | | | |
| | '''Who:''' Derek Soeder, founder, Ridgeway Internet Security | | '''Who:''' Derek Soeder, founder, Ridgeway Internet Security |
| | | | |
| − | Derek Soeder is a software engineer, reverse engineer, and vulnerability researcher, and the founder of Ridgeway Internet Security, which specializes in Web server security software and services.
| + | '''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118 |
| − | | |
| − | | |
| − | | |
| − | '''Where:''' | |
| − | | |
| − | Richland College | |
| − | | |
| − | 12800 Abrams Road | |
| − | | |
| − | Dallas, TX 75243 | |
| − | | |
| − | | |
| − | Room: Sabine Hall: SH118 | |
| − | | |
| | | | |
| | [http://www.richlandcollege.edu/map/ Map] | | [http://www.richlandcollege.edu/map/ Map] |
| − |
| |
| | | | |
| | '''Slides''': [[Media:Malicious Math - Final.pptx]] | | '''Slides''': [[Media:Malicious Math - Final.pptx]] |
| − |
| |
| − |
| |
| | | | |
| | == July Meeting == | | == July Meeting == |
| Line 226: |
Line 206: |
| | ==== Presentation Archives ==== | | ==== Presentation Archives ==== |
| | | | |
| − | This is a new program, we will start collecting our speakers' presentation materials and make them available for viewing and download here.
| |
| | | | |
| | ==February 1, 2012== | | ==February 1, 2012== |
| Line 246: |
Line 225: |
| | '''Slides''': [[Media:OWASPtopTen.pdf]] | | '''Slides''': [[Media:OWASPtopTen.pdf]] |
| | | | |
| − | ==May 4, 2011==
| |
| − |
| |
| − | '''Title''': Using the Mobile Top 10 as a Guide for Mobile Application Security
| |
| − |
| |
| − | '''Speaker''': Clint Pollock, VERACODE
| |
| − |
| |
| − | '''Slides''': [[Media:MobileTopTen.pdf]]
| |
| − |
| |
| − | ==March 2, 2011==
| |
| − |
| |
| − | '''Title''': OWASP WTE: Application Pen Testing '''your''' way.
| |
| − |
| |
| − | '''Speaker''': Matt Tesauro, [http://bit.ly/fQGqIk OWASP] Board Member, Project Lead for the [http://bit.ly/hIbx9c OWASP WTE Live CD project], and VP of Services at [http://bit.ly/fNj64E Praetorian]
| |
| − |
| |
| − | '''Slides''': [[Media:OWASP-Dallas-Chapter-Mar-2011-1.pdf]]
| |
| − |
| |
| − | ==== Past Meetings Archive ====
| |
| − |
| |
| − | == May 4, 2011 ==
| |
| − |
| |
| − | === Sponsors: ===
| |
| − |
| |
| − | [[Image:Screen_shot_2011-02-24_at_10.47.51_AM.png|link=http://www.smu.edu]]
| |
| − |
| |
| − | '''Make sure to sign up for any of the social media network links above to get future announcements.'''
| |
| − | <br>
| |
| − |
| |
| − | '''Title''': Using the Mobile Top 10 as a Guide for Mobile Application Security
| |
| − |
| |
| − | '''Speaker''': Clint Pollock, VERACODE
| |
| − |
| |
| − | '''Date''': May 4, 2011
| |
| − |
| |
| − | '''Time''': 11:30AM - 1:00 PM
| |
| − |
| |
| − | '''Location''': <br>Southern Methodist University <br>Dallas TX 75205
| |
| − |
| |
| − | '''Room details:'''<br>
| |
| − | '''Building:''' Hughes-Trigg Student Center
| |
| − | '''Room:''' The Forum (on the first floor)
| |
| − |
| |
| − | '''Directions:'''
| |
| − | For campus direction please visit [http://smu.edu/maps/directions.asp http://smu.edu/maps/directions.asp]
| |
| − |
| |
| − | '''Parking:'''
| |
| − | For parking, guests have few options, they can use '''Moody Parking Garage for $5''', the machine takes cash or plastic. Otherwise, they can look for free parking spots on '''University Boulevard''' or '''Mcfarlin Boulevard'''.
| |
| − |
| |
| − | '''Campus Map:'''
| |
| − | An interactive campus map can be found at [http://smu.edu/maps/flash/ http://smu.edu/maps/flash/]
| |
| − | Printable map:
| |
| − |
| |
| − | '''Cost:''' Always Free
| |
| − |
| |
| − | | |
| − | This will help expedite the check-in process. Thanks.
| |
| − |
| |
| − | '''Abstract:'''
| |
| − |
| |
| − | The Top 10 Mobile Application Risks, or “Mobile App Top 10” for short, is a list of the most prevalent risks to look for in the mobile applications you are developing and consuming.
| |
| − |
| |
| − | Many of the risks in mobile devices are similar to those of traditional spyware, Trojan software, and insecurely designed apps. However, mobile devices are not just small computers. Mobile devices are designed around personal and communication functionality which makes the top mobile applications risks different from the top traditional computing risks.
| |
| − |
| |
| − | The Mobile App Top 10 can be used to determine the coverage of a security solution which can protect against these risks. A mobile app security solution can declare its coverage of the Mobile App Top 10 so customers can understand what risks the solution mitigates. Mobile app security solutions can be used in the development of an app, as part of an app store vetting process, for acceptance testing of an app, or for security software running on a mobile device.
| |
| − |
| |
| − | '''Speaker Bio:'''
| |
| − |
| |
| − | Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches. Clint resides in Chicago, IL.
| |
| − |
| |
| − | == April 6, 2011 ==
| |
| − |
| |
| − | === Sponsors: ===
| |
| − |
| |
| − | [[Image:FortifyHP.png|link=http://www.fortify.com]]
| |
| − |
| |
| − | We would like to thank Fortify for sponsoring the lunch for this meeting.
| |
| − |
| |
| − | [[Image:Screen_shot_2011-02-24_at_10.47.51_AM.png|link=http://www.smu.edu]]
| |
| − |
| |
| − | We would like to thank SMU for agreeing to host us until May, 2011
| |
| − |
| |
| − | <br>
| |
| − | ==Meeting Details:==
| |
| − |
| |
| − | '''Title''': Breaking the Paradigm of AppSec as a Disruptive Cost Center
| |
| − |
| |
| − | '''Speaker''': Peter Perfetti, Impact Security
| |
| − |
| |
| − | '''Date''': April 6, 2011
| |
| − |
| |
| − | '''Time''': 11:30AM - 1:00 PM
| |
| − |
| |
| − | '''Location''': <br>Southern Methodist University <br>6425 Boaz Lane<br>Dallas TX 75205
| |
| − |
| |
| − | '''Room details:'''<br>
| |
| − | '''Building:''' Hughes-Trigg Student Center
| |
| − | '''Room:''' Atrium A&B
| |
| − |
| |
| − | '''Directions:'''
| |
| − | For campus direction please visit [http://smu.edu/maps/directions.asp http://smu.edu/maps/directions.asp]
| |
| − |
| |
| − | '''Parking:'''
| |
| − | For parking, guests have few options, they can use '''Moody Parking Garage for $5''', the machine takes cash or plastic. Otherwise, they can look for free parking spots on '''University Boulevard''' or '''Mcfarlin Boulevard'''.
| |
| − |
| |
| − | '''Campus Map:'''
| |
| − | An interactive campus map can be found at [http://smu.edu/maps/flash/ http://smu.edu/maps/flash/]
| |
| − | Printable map:
| |
| − |
| |
| − | '''Cost:''' Always Free
| |
| − |
| |
| − | | |
| − | This will help expedite the check-in process. Thanks.
| |
| − |
| |
| − | '''Abstract''':
| |
| − |
| |
| − | This presentation outlines the primary risk concerns for application security, audit, and compliance then expands on those topics to create a "Checklist for Application Security, Systems, Internetworking, and Engineering". The presentation begins with understanding the types of risks involved, the current pitfalls (and in some cases pratfalls) companies struggle to endure, and what we can do to fix them. The presenter outlines the basic foundation on how to build a program for success, debunking the myth that you can’t have operational stability, security, and compliance while reducing operating costs, and how using this approach helps to achieve this goal.
| |
| − |
| |
| − | Applications are currently a major attack vector as well as being difficult to keep stable, secure, and compliant. But securing only the applications, or just the infrastructure can lead to compromise; and audit, compliance, and legal problems. By applying the author's philosophy and checklists to your organization, staff from support, engineering, application development, up to CISOs can more effectively work together to improve security and meet Executive Management’s tolerance for business risk while achieving business objectives. This presentation highlights the issues, demonstrates how the entire enterprise works together, and finally outlines a basic checklist and a methodology for CISOs, Developers, Administrators, and Engineers alike to ensure business and technology risk management work in concert with all technology areas, including audit and compliance.The method draws its strengths from proven frameworks such as OWASP, SAMM, Visible Ops, FFIEC, CoBIT, and ITIL.
| |
| − |
| |
| − | '''Speaker Bio''':
| |
| − |
| |
| − | Mr. Perfetti has been working in information security for fifteen years. He has been involved in IT Security for the financial services industry for ten years where he has worked as an Information Security Officer as well as having been responsible for vulnerability and threat management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager of Systems Administration and was the Director of IT Risk Management for the National Basketball Association. He has a broad range of experience in both operations and security. Mr. Perfetti provided governance and guidance over risk and compliance issues for the Americas region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities were primarily to manage the risk for infrastructure related technology and operations. Other duties included audit, business continuity, investigations, and security operations oversight. Most recently, he was head of IT Security & Governance at Tygris Commercial Finance. He was formerly the VP of the NY/NJ Metro Chapter of OWASP and is currently a board member of the local chapter. He has served on the IT Security Advisory Board for the Technology Manager’s Forum. Mr. Perfetti’s accomplishments have been discussed in two books on achieving high performing, stable, and secure infrastructure. Currently Mr. Perfetti operates IMPACT Security LLC, a private security contractor firm, that specializes in Vulnerability & Risk Assessment; developing, enhancing, and implementing Security and Risk Management programs; and Incident & Audit Response, Prevention, and Recovery.
| |
| − |
| |
| − | == March 2, 2011 ==
| |
| − |
| |
| − | * Matt Tesauro will be bringing a professionally bound copy of the OWASP 2010 Top 10, signed by the authors Jeff Williams (http://www.owasp.org/index.php/User:Jeff_Williams) and Dave Wichers (http://www.owasp.org/index.php/User:Wichers) that he picked up at the Summit. We'll raffle this at the end of the meeting for all who've registered*. * must be present to win
| |
| − | * We have posted the room and building information below, as well as information about parking and maps of the SMU Campus (2/9/11)
| |
| − | * We have added an official EventBright RSVP page. '''[http://www.eventbrite.com/event/1287249197 Please Click here to RSVP for March 2nd (FREE)]''' (2/8/11)
| |
| − | * We have confirmed that Southern Methodist University will host our upcoming meeting on March 2nd. (2/7/11)
| |
| − |
| |
| − | '''Make sure to sign up for any of the social media network links above to get future announcements.'''
| |
| − | <br>
| |
| − |
| |
| − |
| |
| − | === Sponsors: ===
| |
| − | [[Image:Veracode_logo_2color_OWASP.jpg|link=http://veracode.com]]
| |
| − |
| |
| − | [[Image:Screen_shot_2011-02-24_at_10.47.51_AM.png|link=http://www.smu.edu]]
| |
| − |
| |
| − | We would like to thanks Veracode for providing a light deli lunch for this meeting, and of course SMU for hosting it.
| |
| − |
| |
| − | ===Meeting Details:===
| |
| − |
| |
| − | '''Title''': OWASP WTE: Application Pen Testing '''your''' way.
| |
| − |
| |
| − | '''Speaker''': Matt Tesauro, [http://bit.ly/fQGqIk OWASP] Board Member, Project Lead for the [http://bit.ly/hIbx9c OWASP WTE Live CD project], and VP of Services at [http://bit.ly/fNj64E Praetorian]
| |
| − |
| |
| − | '''Date''': March 2, 2011
| |
| − |
| |
| − | '''Time''': 11:30AM - 1:00 PM
| |
| − |
| |
| − | '''Location''': <br>Southern Methodist University <br>6425 Boaz Lane<br>Dallas TX 75205
| |
| − |
| |
| − | We will meet at: '''Huitt Zollars room''' located at the '''Embrey building''' at '''SMU Main Campus (Dallas)'''.
| |
| − |
| |
| − | '''Directions:'''
| |
| − | For campus direction please visit [http://smu.edu/maps/directions.asp http://smu.edu/maps/directions.asp]
| |
| − |
| |
| − | '''Parking:'''
| |
| − | For parking, guests have few options, they can use '''Moody Parking Garage for $5''', the machine takes cash or plastic. Otherwise, they can look for free parking spots on '''University Boulevard''' or '''Mcfarlin Boulevard'''.
| |
| − |
| |
| − | '''Campus Map:'''
| |
| − | An interactive campus map can be found at [http://smu.edu/maps/flash/ http://smu.edu/maps/flash/]
| |
| − | Printable map:
| |
| − |
| |
| − | '''Cost:''' Always Free
| |
| − |
| |
| − | | |
| − | This will help expedite the check-in process. Thanks.
| |
| − |
| |
| − | '''Abstract''':
| |
| − |
| |
| − | One of the pain points of application penetration testing is keeping all your tools up to date and installed on whatever computer you happen to have with you. After several successful releases of the OWASP Live CD, I had a bit of a think and decided that there was a better way. After a bunch of re-tooling (the fancy word is refactoring), OWASP WTE is ready for prime time. OWASP Web Testing Environment is a project to package application testing tools and make them available in a variety of ways - you pick what works for you: Live CD, Virtual Machine, ala carte installations on your existing Ubuntu system, or maybe even attack tools in the cloud. The choice is yours with WTE.
| |
| − |
| |
| − | In this talk I will cover where OWASP WTE is currently, what features are available and what the future holds. The overall project goal is to make testing tools as widely available and easily usable as possible.
| |
| − |
| |
| − | '''Speaker Bio''':
| |
| − |
| |
| − | Matt is currently on the board of the [http://bit.ly/fQGqIk OWASP Foundation] and highly involved in many OWASP projects and committees. Matt is the project leader of the [http://bit.ly/hIbx9c OWASP WTE] (Web Testing Environment) which is the source of theOWASP Live CD Project and Virtual Machines pre-configured with tools and documentation for testing web applications.
| |
| − |
| |
| − | Matt has been involved in the Information Technology industry for more than 10 years. Matt is currently serving as the VP of services at [http://bit.ly/fNj64E Praetorian], leveraging his experience in application security and consulting. Prior to joining Praetorian, Matt was a Security Consultant at Trustwave's Spider Labs. Matt's focus has been in application security including testing, code reviews, design reviews and training. His background in web application development and system administration helped bring a holistic focus to Secure SDLC efforts he's driven. He has taught both graduate level university courses and for large financial institutions. Matt has presented and provided training a various industry events including DHS Software Assurance Workshop, AppSec EU, AppSec US, AppSec Academia, and AppSec Brazil.
| |
| − |
| |
| − | Industry designations include the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University.
| |
| − |
| |
| − | Linkedin Profile: http://www.linkedin.com/in/matttesauro
| |
| − | <br><br>
| |
| − |
| |
| − | ==== Dallas OWASP Chapter Leaders ====
| |
| − |
| |
| − | '''The Dallas OWASP chapter leaders are:'''
| |
| − |
| |
| − | | |
| − |
| |
| − | | |
| − |
| |
| − | | |
| − |
| |
| − | | |
| − |
| |
| − | | |
| | | | |
| | __NOTOC__ | | __NOTOC__ |
Revision as of 22:06, 27 September 2012
OWASP Dallas
Welcome to the Dallas chapter homepage. The chapter leaders are
Chapter Lead- Gene McCormick
Hospitality/Facilities Lead- Rik Jones
Membership Lead- Norm Smith
Programs Lead- Matt Parsons
Web/Technology Lead- Mynor Alvarado
Board Member- Andrea Wendeln
Board Member- Don McMillian
Board Member- Tim Shelton
Board Member- Jeromme Lawler
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
THANKS TO OUR SPONSORS:
The Dallas Chapter of OWASP would like to thank Richland College for hosting our monthly meetings.
Get Connected and Stay Connected
The Dallas OWASP chapter is proud to announce several new ways to keep in touch with the leadership and other members of the chapter and greater organization.
In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.
Click any of the links below to visit the corresponding Dallas OWASP social networking groups:
Announcements
October Meeting
When: Wednesday October 3, 2012 from 11:30 AM – 1:00 PM
Topic: Exploitation Techniques and Mitigation
The topic will be covering exploitation techniques and mitigation. The presentation will cover different types of attacks, along with source code examples of the insecure code. The speaker will be covering exploit development techniques and tools. He will also discuss how attackers can bypass exploit mitigation techniques, and how developers can use this knowledge to develop more secure code.
Who: James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc
James McFadyen works as an Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc.. He is active at the University of Texas at Dallas Computer Security Group, where he does research reverse engineering, web application security, cryptography and exploitation. He has been researching exploit development for over 3 years. He is a member of blacksecurity, a Dallas security group.
Where:
Richland College
12800 Abrams Road
Dallas, TX 75243
Room: Sabine Hall: SH118
Map
Don't forget to bring your lunch!
September Meeting
When: Wednesday September 12, 2012 from 11:30 AM – 1:00 PM
Topic: The Importance of Application Security.
Who: Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
Map
August Meeting
When: Wednesday August 1, 2012 from 11:30 AM – 1:00 PM
Topic: Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.
Who: Derek Soeder, founder, Ridgeway Internet Security
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
Map
Slides: Media:Malicious Math - Final.pptx
July Meeting
When: Wednesday July 11, 2012 from 11:30 AM – 1:00 PM
Topic: Reinventing Dynamic Testing: Real-Time Hybrid
Who: Adam Hils; Senior Product Manager HP Enterprise Security Products
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
Map
June Meeting
When: Wednesday June 6, 2012 from 11:30 AM – 1:00 PM
Topic: Is There An End to Testing Ourselves Secure?
Who: Rohit Sethi; Vice President, Product Development, SD Elements
Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
Map
May Meeting
When: Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM
Topic: OWASP and PCI DSS Requirement 6.5
OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.
Who: Tony Gunn; Director of Security Operations for McAfee
Where:
North Lake College (Central Campus)
5001 N. MacArthur Blvd.
Irving, TX 75038
Phone: 972-273-3000
Building: A
Room: 206
Map
March Meeting
When: March 7, 2012, 11:30am - 1:00pm
Topic: AAA for Hybrid Cloud Environment
During this session, presented by Symplified, we will explore four areas of interest.
Web, SaaS, Mobile Application Adoption
Protecting sensitive data
WAM for the Public Cloud
Identity Sprawl
Who: Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.
Where:
North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038
Phone: 972-273-3000
Building: A
Room: 206
Map
February Meeting
When: February 1, 2012, 11:30am - 1:00pm
Topic: Web Application Vulnerability Testing with Nessus
Who: Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
Where:
SMU
Caruth Hall
Palmer Conference Center / 406 Caruth Hall
3145 Dyer Street
Dallas, Texas 75205
Map
(Caruth Hall is building 44 on the campus map link.)
January Meeting
When: January 11, 2012, 11:30am - 1:00pm
Topic: OWASP TOP 10
Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.
Who: Matt Parsons, VP Parsons Software Security Consulting
Where:
North Lake College (Central Campus)
5001 N. MacArthur Blvd.
Irving, TX 75038
Phone: 972-273-3000
Building: G
Room: 405
Map
Presentation Archives
February 1, 2012
Title: Web Application Vulnerability Testing with Nessus
Speaker: Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
Slides:
Media:Web Application Vul Testing with Nessus 2012.02.01.pdf
Media:OWASP Broken Web Applications 2012.02.01.pdf
January 11, 2012
Title: OWASP TOP 10
Speaker: Matt Parsons, VP Parsons Software Security Consulting
Slides: Media:OWASPtopTen.pdf
