Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
Line 51: Line 51:
 
<br>
 
<br>
  
==''' Oct 22, 2014 @7pm Symantec Corporation 900 Corporate Pointe , Culver City, CA'''==
+
==''' Nov 19, 2014 @7pm Symantec Corporation 900 Corporate Pointe , Culver City, CA'''==
  
     '''Topic: Breaking the Security of a SaaS Offering '''
+
     '''Topic: '''
    '''Speaker: Stan Borinski, CISSP, CISA'''
+
Android Wear and Google Glass introduce new ways of interacting with our apps and receiving timely, contextual information from the world around us. Smartphones and tablets are becoming the central point for sending and receiving data from wearables and sensors. Building apps for a wearable world introduces new risks as well as shifts the responsibilities for implementing security controls to other layers.
During the course of this presentation we will examine the results of a penetration-test/vulnerability assessment of a SaaS performed a few months ago. We won't just discuss the results; I will SHOW you how unprotected iframes can lead to clickjacking, what attackers can learn from decompiling your Java code, and how a Java RMI architecture probably isn't suited for a SaaS of this type. We'll discuss the vulnerabilities that come from sloppy HTML/CSS code and developing your own "encryption" algorithm, plus what certificate protection a keystore does and doesn't provide.
+
 
 +
Many of the same issues we’re familiar with from past Android experiences are still relevant, while some issues are less impactful or not (currently) possible within existing wearables. At the same time, extending the app’s trust boundaries introduces new points of exposure for developers to be aware of in order to proactively defend against attacks. We want to highlight these areas, which developers may not be aware of when adding a wearable component to an existing app.
 +
 
 +
In this presentation, we will explore how Android Wear and Glass work underneath the hood. We will examine their methods of communication, data replication, and persistence options. We will examine how they fit into the Android development ecosystem and the new risks to privacy and security that need to be considered. Our goal is to deter developers from building wearable apps, but to enable them to make strong security decisions throughout development.
 +
 
 +
    '''Speaker: Jack Mannino'''
 +
 
 +
Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android. He’s also an optimistic Mets fan, although that optimism slowly fades away every summer.
 
<br>
 
<br>
  
== '''Sponsor: Authentic8 [[Image:Authentic8_HiRes.jpg | 100px |thumb|center]] '''==
+
<!-- == '''Sponsor: Authentic8 [[Image:Authentic8_HiRes.jpg | 100px |thumb|center]] '''== -->
Founded in 2010 by principals from Postini, Authentic8 is redefining how the browser is used within business with our flagship product, Silo. Silo has a deeper containment capability called Toolbox, which is used by CERT, incident response (IR), anti-fraud, and security research teams around the world. Like disposable gloves for stuff you don't want to touch, Toolbox is built fresh based on a desired profile and destroyed at session end. All executable code stays in the sandbox, and it's our IPs that are exposed not yours. The client device only receives encrypted remote display data. Authentic8, Inc. is headquartered in Mountain View, California. Try Silo risk free at www.authentic8.com.
+
...
 +
 
 
<!-- [[Image:Winmagic logo r.jpg | 100px |thumb|center|link=http://www.winmagic.com/]] -->
 
<!-- [[Image:Winmagic logo r.jpg | 100px |thumb|center|link=http://www.winmagic.com/]] -->
  
Line 74: Line 82:
  
 
== '''Upcoming OWASP Meetings'''  ==
 
== '''Upcoming OWASP Meetings'''  ==
<br> ''' Nov 19, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230'''
+
<br>  
==='''Abstract: '''===
 
Android Wear and Google Glass introduce new ways of interacting with our apps and receiving timely, contextual information from the world around us. Smartphones and tablets are becoming the central point for sending and receiving data from wearables and sensors. Building apps for a wearable world introduces new risks as well as shifts the responsibilities for implementing security controls to other layers.
 
 
 
Many of the same issues we’re familiar with from past Android experiences are still relevant, while some issues are less impactful or not (currently) possible within existing wearables. At the same time, extending the app’s trust boundaries introduces new points of exposure for developers to be aware of in order to proactively defend against attacks. We want to highlight these areas, which developers may not be aware of when adding a wearable component to an existing app.
 
 
 
In this presentation, we will explore how Android Wear and Glass work underneath the hood. We will examine their methods of communication, data replication, and persistence options. We will examine how they fit into the Android development ecosystem and the new risks to privacy and security that need to be considered. Our goal is to deter developers from building wearable apps, but to enable them to make strong security decisions throughout development.
 
 
 
==='''Speaker: Jack Mannino'''===
 
Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android. He’s also an optimistic Mets fan, although that optimism slowly fades away every summer.
 
 
 
  
 
''' Dec 17, 2014: Holiday Networking Event at the Downtown Daily Grill'''
 
''' Dec 17, 2014: Holiday Networking Event at the Downtown Daily Grill'''

Revision as of 16:19, 31 October 2014

Welcome to the Los Angeles Chapter!

New_OWASP_LA_Logo-08-2014.jpg

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits:: 

- Meet upwards of 70-110 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Participation

OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.

Announcements

AppSec California is back at the Annenberg Beach House January 26-28, 2015. Sign up NOW, before prices go up!


OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY


Meetup_logo3.jpg [1] OWASP-Los-Angeles We are on Meetup. Please join our community here.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member



Next OWASP Meeting

**NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014 **

Nov 19, 2014 @7pm Symantec Corporation 900 Corporate Pointe , Culver City, CA

   Topic:

Android Wear and Google Glass introduce new ways of interacting with our apps and receiving timely, contextual information from the world around us. Smartphones and tablets are becoming the central point for sending and receiving data from wearables and sensors. Building apps for a wearable world introduces new risks as well as shifts the responsibilities for implementing security controls to other layers.

Many of the same issues we’re familiar with from past Android experiences are still relevant, while some issues are less impactful or not (currently) possible within existing wearables. At the same time, extending the app’s trust boundaries introduces new points of exposure for developers to be aware of in order to proactively defend against attacks. We want to highlight these areas, which developers may not be aware of when adding a wearable component to an existing app.

In this presentation, we will explore how Android Wear and Glass work underneath the hood. We will examine their methods of communication, data replication, and persistence options. We will examine how they fit into the Android development ecosystem and the new risks to privacy and security that need to be considered. Our goal is to deter developers from building wearable apps, but to enable them to make strong security decisions throughout development. 

   Speaker: Jack Mannino

Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source projects, and leads the OWASP Northern Virginia chapter. In his spare time, he loves to kick around new frameworks and technologies, especially things that run Android. He’s also an optimistic Mets fan, although that optimism slowly fades away every summer.

...


Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Upcoming OWASP Meetings


Dec 17, 2014: Holiday Networking Event at the Downtown Daily Grill

Holiday.jpg


January 26-28, 2015 OWASP AppSec California Summit -

Other Events





Archives of Previous Meetings

2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive


Los Angeles Chapter

Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!


Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=Los_Angeles&oldid=184487"