Difference between revisions of "San Antonio"

Revision as of 13:41, 21 August 2007

1 OWASP San Antonio
2 Participation
3 Sponsorship/Membership
4 Local News

OWASP San Antonio

Welcome to the San Antonio chapter homepage. The chapter leader is Dan Cornell

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Local News

San Antonio OWASP Chapter: September 2007 Meeting

Topic: Developing an Application Security Strategy for Large Enterprise Systems

Presenter: Bruce Jenkins, Fortify Software

Date: September 6th, 11:30am – 1:00pm

Location:

San Antonio Technology Center (Web Room) 3463 Magic Drive San Antonio, TX 78229 http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229

Abstract:

Over the past decade, the Department of Defense in general, and the US Air Force in particular, has transformed itself to better deal with 21st century warfare. The Air Force in fact has modified its stated mission to include cyberspace as one of the domains in which it will “fly and fight.” This type of shift in strategic thinking is critical for any organization to properly acknowledge and manage real-world threats against one of its most valuable assets: data.

Despite modernized mission statements and mindsets, organizations continue to have difficulty implementing a course of action for dealing with the threats against software systems serving up their data. It is easy to talk about buying and implementing software security tools for developers, QA testers and post-deployment operators; however, schedules and budgets quickly go bust without consideration of the common obstacles.

This presentation describes an application security strategy for large enterprise systems—what to look out for, and what you must do to ensure the successful rollout of the tools and services necessary to counter the dark side of cyberspace.

Presenter Bio:

Major Bruce C. Jenkins, USAF (Ret.) is Security Practice Director at Fortify Software, Inc., where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.

Prior to joining Fortify, he spent 26 of his 28 years in the service leading people, managing projects, and dealing with technological and organizational change. His military experiences range from managing a small team of aircraft avionics technicians to commanding a communications unit supporting over 3,000 U.S. and international forces in Southwest Asia. Most recently, as Chief of Systems Security, 554th Electronic Systems Wing, he helped establish a nearly $13M budget for creating the Air Force’s first ever Center of Excellence for applications security.

Bruce holds a BS in computer science from the University of Maryland and MS in operations research from the Air Force Institute of Technology. He is a Certified Ethical Hacker with countless hours of Internet surf time, where he has learned that paranoia is a perfectly legitimate state of mind.

Sodas and snacks will be provided. Feel free to bring a brown-bag lunch.

Please RSVP: E-mail [email protected] or call (210) 572-4400.

Previous News

The slide deck from OWASP San Antonio March 2007 meeting will be available online shortly

The slide deck from OWASP San Antonio September 2006 meeting available online here: File:OWASPSanAntonio 2006 09 AgileAndSecure.pdf.

The slide deck from OWASP San Antonio August 2006 meeting available online here: File:OWASPSanAntonio 2006 08 SingleSignOn.ppt.

The slide deck from OWASP San Antonio June 2006 meeting available online here: File:OWASPSanAntonio 2006 06 Crypto Content.pdf.

The slide deck from OWASP San Antonio May 2006 meeting available online here: File:OWASPSanAntonio 2006 05 ForcefulBrowsing Content.pdf.

The slide deck from OWASP San Antonio September 2004 meeting available online here: File:OWASPSanAntonio 20040922.pdf.

Difference between revisions of "San Antonio"

Revision as of 13:41, 21 August 2007

OWASP San Antonio

Participation

Sponsorship/Membership

Local News

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 3: / Line 3: @@
 == Local News ==
-San Antonio OWASP Chapter: April 2007 Meeting
+San Antonio OWASP Chapter: September 2007 Meeting
-Topic: Overtaking Google Desktop
+Topic: Developing an Application Security Strategy for Large Enterprise Systems
-Presenter: Guy Podjarney (Watchfire Corporation)
+Presenter: Bruce Jenkins, Fortify Software
-Date: April 26th, 2007, 11:00am – 12:30pm
+Date: September 6th, 11:30am – 1:00pm
 Location:
 San Antonio Technology Center (Web Room)
 Magic Drive
 San Antonio, TX 78229
 http://maps.google.com/maps?f=q&hl=en&q=3463+Magic+Drive,+San+Antonio,+TX+78229
 Abstract:
-This presentation will describe an innovative attack methodology against Google Desktop which enables an attacker to achieve remote, persistent access to virtual all data on the victim machine, and can further lead to full system control as well.
+Over the past decade, the Department of Defense in general, and the US Air Force in particular, has transformed itself to better deal with 21st century warfare.  The Air Force in fact has modified its stated mission to include cyberspace as one of the domains in which it will “fly and fight.”  This type of shift in strategic thinking is critical for any organization to properly acknowledge and manage real-world threats against one of its most valuable assets:  data.
-The attack leverages vulnerabilities in Google.com web site and Google Desktop, allowing malicious JavaScript to be injected into different responses. In addition, it leverages the integration between Google.com and Google Desktop.
-A significant aspect of this attack is that it emphasizes the danger of the integration between desktop applications and Web based applications, as this opens an aperture for a malicious attacker to escalate his/her privileges by crossing from the Web environment to the desktop application environment.
-The attack also highlights the risks associated with a fully Web based desktop application, and with a tool like Google Desktop which allows easy access to virtual all information on the host machine.
+Despite modernized mission statements and mindsets, organizations continue to have difficulty implementing a course of action for dealing with the threats against software systems serving up their data.  It is easy to talk about buying and implementing software security tools for developers, QA testers and post-deployment operators; however, schedules and budgets quickly go bust without consideration of the common obstacles.
+This presentation describes an application security strategy for large enterprise systems—what to look out for, and what you must do to ensure the successful rollout of the tools and services necessary to counter the dark side of cyberspace.
-In the presentation we’ll review the different steps of the attack, demonstrating skipping from the Web to Google Desktop, overcoming various protection mechanisms built into Google Desktop, and finally exploiting the vulnerability in various ways.
 Presenter Bio:
-Guy Podjarny is Senior Security Analyst with Waltham-based Watchfire, a provider of software and service to help ensure the security and compliance of websites.
+Major Bruce C. Jenkins, USAF (Ret.) is Security Practice Director at Fortify Software, Inc., where his responsibilities include refining customer security requirements, managing Fortify product deployments and delivering security services.
-Guy joined Watchfire in 2004 bringing with him several years of senior product development and web application security expertise from previous roles including Sanctum. As senior security analyst Guy is integral to the development and evolution of Watchfire’s market leading AppScan solution. He is also closely involved with researching and evaluating technologies and helping define and influence strategic directions for Watchfire’s security solutions.
-Guy has spoken at security events, participates in industry working groups and has contributed to several whitepapers and articles on application security.
+Prior to joining Fortify, he spent 26 of his 28 years in the service leading people, managing projects, and dealing with technological and organizational change.  His military experiences range from managing a small team of aircraft avionics technicians to commanding a communications unit supporting over 3,000 U.S. and international forces in Southwest Asia.  Most recently, as Chief of Systems Security, 554th Electronic Systems Wing, he helped establish a nearly $13M budget for creating the Air Force’s first ever Center of Excellence for applications security.
+Bruce holds a BS in computer science from the University of Maryland and MS in operations research from the Air Force Institute of Technology.  He is a Certified Ethical Hacker with countless hours of Internet surf time, where he has learned that paranoia is a perfectly legitimate state of mind.
 Sodas and snacks will be provided.  Feel free to bring a brown-bag lunch.
 Please RSVP: E-mail [email protected]  or call (210) 572-4400.