
Difference between revisions of "Los Angeles"

Line 48: Line 48:
 
== '''Next OWASP Meeting'''==
 
== '''Next OWASP Meeting'''==
 
''**NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014 **''
 
''**NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014 **''
==''' Sept 17, 2014 Joint OWASP and ISSA Dinner meeting'''==
+
==''' Oct 22, 2014 '''==
  
*'''[http://www.meetup.com/OWASP-Los-Angeles/events/185681402/ Sept 17, 2014 Joint OWASP and ISSA Dinner meeting]'''
 
    '''Topic: Securing the SDLC in the real world'''
 
    '''Speaker: Jim Manico'''
 
The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those forces are consultants charging high rates to help you deeply modify what you are doing today. This talk will will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat. You need to look ahead make small changes to steer effectively.
 
  
Jim Manico is an author and educator of developer security awareness trainings. He is also a frequent speaker on secure software practices and is a member of the JavaOne "rockstar hall of fame". He has a 17 year history building software as a developer and architect. Jim is also one of the members of the Global Board of Directors for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. Jim is currently working on a book with McGraw-Hill and Oracle-Press on Java Security. For more information, see http://www.linkedin.com/in/jmanico.  
+
    '''Topic: Breaking the Security of a SaaS Offering '''
 +
    '''Speaker: Stan Borinski, CISSP, CISA'''
 +
During the course of this presentation we will examine the results of a penetration-test/vulnerability assessment of a SaaS performed a few months ago. We won't just discuss the results; I will SHOW you how unprotected iframes can lead to clickjacking, what attackers can learn from decompiling your Java code, and how a Java RMI architecture probably isn't suited for a SaaS of this type.  We'll discuss the vulnerabilities that come from sloppy HTML/CSS code and developing your own "encryption" algorithm, plus what certificate protection a keystore does and doesn't provide.
  
  
 
<br>
 
<br>
  
== '''Sponsor: Checkpoint and Guidance Software '''==
+
== '''Sponsor: TBD '''==
  
 
<!-- [[Image:Winmagic logo r.jpg | 100px |thumb|center|link=http://www.winmagic.com/]] -->
 
<!-- [[Image:Winmagic logo r.jpg | 100px |thumb|center|link=http://www.winmagic.com/]] -->
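Review bot: The new Oct 22, 2014 block has no link to its Meetup event, while the Sept 17 block it replaces opened with a bulleted link to the specific event (meetup.com/OWASP-Los-Angeles/events/185681402/). Add the equivalent event link under the `==''' Oct 22, 2014 '''==` heading so readers can RSVP to the right meeting, and fill in `Sponsor: TBD` once the sponsor is confirmed.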
Line 97: Line 95:
  
 
== '''Other Events'''  ==
 
== '''Other Events'''  ==
*''' [http://2014.appsecusa.org/2014 AppSec USA 2014 Denver, Colorado September 16-19th ] '''
+
<!-- *''' [http://2014.appsecusa.org/2014 AppSec USA 2014 Denver, Colorado September 16-19th ] ''' -->
 
<br>
 
<br>
 
*''' [http://bit.ly/1lYF4b7 USA Mobile App Hacking Workshop FYI] '''
 
 
Attendees will: (each session will be 2.5 hours long) 
 
 
+ Learn about the evolutions in the mobile threat landscape
 
 
+ Participate in a live demonstration of reverse-engineering and tampering attacks (customized workstation included) via ‘hands-on’ exercises that teach attendees how hackers use third party tools to compromise app integrity  (e.g. Clutch, IDA, Hex-Rays, otool, classdump, Theos, gds/nm/strings debuggers, etc.) using the workshop sample mobile banking app or even their own app!
 
 
+ Explore findings from mobile banking red-team testing projects at several top global banks
 
 
The inaugural workshop will uniquely enable attendees to immediately apply their app protection learning’s in their own environments in order to mitigate app binary risk and implement new approaches on mobile app security.
 
 
Limited Seating and Prequalification
 
Workshop seats are limited to 10 per day on Sept. 18 at 1pm and Sept. 19th at 9am.  To fully engage in the workshop, interested participants need to have advanced app development and computer engineering skills.  Due to the severely limited size, participants will receive confirmation upon completion of pre-qualification questions from the following survey http://bit.ly/1lYF4b7.
 
 
  
 
<!-- *''' [https://www.eventbrite.com/e/issa-la-april-lunch-meeting-tickets-11075766917?ref=ebtnebregn ISSA-LA April lunch meeting at Taix French Restaurant - Wednesday, April 16, 2014 11:30am - 1:45pm ] '''
 
<!-- *''' [https://www.eventbrite.com/e/issa-la-april-lunch-meeting-tickets-11075766917?ref=ebtnebregn ISSA-LA April lunch meeting at Taix French Restaurant - Wednesday, April 16, 2014 11:30am - 1:45pm ] '''
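Review bot: In the Other Events section the AppSec USA 2014 entry is commented out with `<!-- ... -->` instead of being deleted, which adds more hidden markup next to the existing ISSA-LA April entry, whose `<!--` has no closing `-->` on the line shown here. Delete past events outright (the page history keeps them), and check that the ISSA-LA comment is closed further down so it does not swallow the content that follows.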

Revision as of 17:56, 25 September 2014

Welcome to the Los Angeles Chapter!


Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits:

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us (see the Los Angeles Chapter section) for general questions relating to sponsorship and donations.

Participation

OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.

Announcements

OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY



We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member




Next OWASP Meeting

**NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014 **

Oct 22, 2014

   Topic: Breaking the Security of a SaaS Offering 
   Speaker: Stan Borinski, CISSP, CISA 

During the course of this presentation we will examine the results of a penetration-test/vulnerability assessment of a SaaS performed a few months ago. We won't just discuss the results; I will SHOW you how unprotected iframes can lead to clickjacking, what attackers can learn from decompiling your Java code, and how a Java RMI architecture probably isn't suited for a SaaS of this type. We'll discuss the vulnerabilities that come from sloppy HTML/CSS code and developing your own "encryption" algorithm, plus what certificate protection a keystore does and doesn't provide.



Sponsor: TBD

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your BIO and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content must be available under a Creative Commons 3.0 license.


Upcoming OWASP Meetings

Other Events





Archives of Previous Meetings

2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive


Los Angeles Chapter

Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!


Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos
