This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Los Angeles"
Mike Francis (talk | contribs) |
Mike Francis (talk | contribs) |
||
| Line 51: | Line 51: | ||
Topic: Web Attacks at Scale in 2015 (Alternative Title: Web Security Bootcamp) | Topic: Web Attacks at Scale in 2015 (Alternative Title: Web Security Bootcamp) | ||
| − | <u>Abstract:</u> This talk is an attacker-centric presentation demonstrating how modern pen-testing tools such as OWASP Zap, Browser Exploitation Framework (BeEF) and sqlmap can be used to automate web attacks at scale. Reenactments of some of the most publicized attacks in recent history will be conducted to ensure participants understand and absorb how these attacks are taking place. Full exploits using these tools and more will be demonstrated, and a discussion of solutions will follow. | + | '''<u>Abstract:</u>''' This talk is an attacker-centric presentation demonstrating how modern pen-testing tools such as OWASP Zap, Browser Exploitation Framework (BeEF) and sqlmap can be used to automate web attacks at scale. Reenactments of some of the most publicized attacks in recent history will be conducted to ensure participants understand and absorb how these attacks are taking place. Full exploits using these tools and more will be demonstrated, and a discussion of solutions will follow. |
| − | <u>Speaker Bio:</u> Jerry Hoff is the Principal Security Strategist at WhiteHat Security. Prior to WhiteHat Security, Jerry co-founded Infrared Security, a specialist in application security and next-generation static analysis technologies. His work experience also includes a number of financial firms including Morgan Stanley Asia where he was on the global Security Architecture team based out of Hong Kong. He has more than a decade of experience in application security consulting, and has taught at Washington University’s CAIT program delivering security and development classes for thousands of developers. Jerry is a frequent speaker at numerous security events around the globe, and is a regular OWASP contributor, where he leads up the OWASP Application Tutorial Series and WebGoat.NET. Jerry holds a Master's degree in Computer Science from Washington University in St. Louis. | + | '''<u>Speaker Bio:</u>''' Jerry Hoff is the Principal Security Strategist at WhiteHat Security. Prior to WhiteHat Security, Jerry co-founded Infrared Security, a specialist in application security and next-generation static analysis technologies. His work experience also includes a number of financial firms including Morgan Stanley Asia where he was on the global Security Architecture team based out of Hong Kong. He has more than a decade of experience in application security consulting, and has taught at Washington University’s CAIT program delivering security and development classes for thousands of developers. Jerry is a frequent speaker at numerous security events around the globe, and is a regular OWASP contributor, where he leads up the OWASP Application Tutorial Series and WebGoat.NET. Jerry holds a Master's degree in Computer Science from Washington University in St. Louis. |
<br> | <br> | ||
| Line 69: | Line 69: | ||
Topic: Why Your AppSec Experts Are Killing You | Topic: Why Your AppSec Experts Are Killing You | ||
| − | <u>Abstract:</u> Software development has been transformed by practices like Continuous Integration and Continuous Integration, while application security has remained trapped in expert-based waterfall mode. In this talk, Jeff will show you how you can evolve into a “Continuous Application Security” organization that generates assurance automatically across an entire application security portfolio. Jeff will show you how to bootstrap the “sensor-model-dashboard” feedback loop that makes real time, continuous application security possible. He will demonstrate the approach with a new *free* tool called Contrast for Eclipse that brings the power of instrumentation-based application security testing directly into the popular IDE. Check out “Application Security at DevOps Speed and Portfolio Scale” for some background. | + | '''<u>Abstract:</u>''' Software development has been transformed by practices like Continuous Integration and Continuous Integration, while application security has remained trapped in expert-based waterfall mode. In this talk, Jeff will show you how you can evolve into a “Continuous Application Security” organization that generates assurance automatically across an entire application security portfolio. Jeff will show you how to bootstrap the “sensor-model-dashboard” feedback loop that makes real time, continuous application security possible. He will demonstrate the approach with a new *free* tool called Contrast for Eclipse that brings the power of instrumentation-based application security testing directly into the popular IDE. Check out “Application Security at DevOps Speed and Portfolio Scale” for some background. |
| − | <u>Speaker bio:</u> Jeff Williams is the founder and CTO of Contrast Security, bringing the power of instrumentation and real time analytics to secure your application portfolio. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and may be reached directly at jeff.williams@contrastsecurity.com. | + | '''<u>Speaker bio:</u>''' Jeff Williams is the founder and CTO of Contrast Security, bringing the power of instrumentation and real time analytics to secure your application portfolio. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and may be reached directly at jeff.williams@contrastsecurity.com. |
<br> | <br> | ||
Revision as of 16:58, 2 March 2015
- 1 Welcome to the Los Angeles Chapter!
- 2 Participation
- 3 Announcements
- 4 [1] OWASP-Los-Angeles We are on Meetup. Please join our community here.
- 5 Become an OWASP Member TODAY
- 6 Next OWASP Meeting
- 7 Special OWASP-CSA Joint Meeting March 11,2015 7pm at Symantec Offices in Culver City
- 8 March 25,2015 7pm at Microsoft 13031 W Jefferson Blvd Suite 200, Playa Vista, CA
- 9 Would you like to speak at an OWASP Los Angeles Meeting?
- 10 Upcoming OWASP Meetings
- 11 Other Events
- 12 Issa-LA Summit - Thursday, June 4,5 2015 7:30am - 6pm
- 13 Archives of Previous Meetings
- 14 Los Angeles Chapter
Welcome to the Los Angeles Chapter!
Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission
Get the following benefits::
- Meet upwards of 70-110 potential new clients - Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site - Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting. - Have a table at local chapter meeting - Promote your products and services - Bring a raffle prize to gather business cards
Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations
Participation
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.
Announcements
OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY
[1] OWASP-Los-Angeles We are on Meetup. Please join our community here.
If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/
Become an OWASP Member TODAY
Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member
Next OWASP Meeting
Special OWASP-CSA Joint Meeting March 11,2015 7pm at Symantec Offices in Culver City
Speaker: Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security
Topic: Web Attacks at Scale in 2015 (Alternative Title: Web Security Bootcamp)
Abstract: This talk is an attacker-centric presentation demonstrating how modern pen-testing tools such as OWASP Zap, Browser Exploitation Framework (BeEF) and sqlmap can be used to automate web attacks at scale. Reenactments of some of the most publicized attacks in recent history will be conducted to ensure participants understand and absorb how these attacks are taking place. Full exploits using these tools and more will be demonstrated, and a discussion of solutions will follow.
Speaker Bio: Jerry Hoff is the Principal Security Strategist at WhiteHat Security. Prior to WhiteHat Security, Jerry co-founded Infrared Security, a specialist in application security and next-generation static analysis technologies. His work experience also includes a number of financial firms including Morgan Stanley Asia where he was on the global Security Architecture team based out of Hong Kong. He has more than a decade of experience in application security consulting, and has taught at Washington University’s CAIT program delivering security and development classes for thousands of developers. Jerry is a frequent speaker at numerous security events around the globe, and is a regular OWASP contributor, where he leads up the OWASP Application Tutorial Series and WebGoat.NET. Jerry holds a Master's degree in Computer Science from Washington University in St. Louis.
Thanks to our sponsor:
March 25,2015 7pm at Microsoft 13031 W Jefferson Blvd Suite 200, Playa Vista, CA
Speaker: Jeff Williams is the founder and CTO of Contrast Security
Topic: Why Your AppSec Experts Are Killing You
Abstract: Software development has been transformed by practices like Continuous Integration and Continuous Integration, while application security has remained trapped in expert-based waterfall mode. In this talk, Jeff will show you how you can evolve into a “Continuous Application Security” organization that generates assurance automatically across an entire application security portfolio. Jeff will show you how to bootstrap the “sensor-model-dashboard” feedback loop that makes real time, continuous application security possible. He will demonstrate the approach with a new *free* tool called Contrast for Eclipse that brings the power of instrumentation-based application security testing directly into the popular IDE. Check out “Application Security at DevOps Speed and Portfolio Scale” for some background.
Speaker bio: Jeff Williams is the founder and CTO of Contrast Security, bringing the power of instrumentation and real time analytics to secure your application portfolio. Previously, Jeff was a founder and CEO of Aspect Security. He also served as Global Chairman of the OWASP Foundation where he created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten, WebGoat, ESAPI, XSS CheatSheet, ASVS and more. Jeff welcomes hearing from you and may be reached directly at jeff.williams@contrastsecurity.com.
Thanks to our sponsor:
Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/
Would you like to speak at an OWASP Los Angeles Meeting?
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.
Upcoming OWASP Meetings
Other Events
Issa-LA Summit - Thursday, June 4,5 2015 7:30am - 6pm
Archives of Previous Meetings
Los Angeles Chapter
- Richard Greenberg -- Chapter Leader and President
- Tin Zaw -- Board Member
- Edward Bonver -- Board Member
- Mike Francis -- Board Member
- Stuart Schwartz -- Board Member
- Aaron Guzman -- Board Member
- Dave Wettenstein -- Board Member
Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.
The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!
Web archive: http://2010.AppSecUSA.org
Videos: http://vimeo.com/user4863863/videos
