This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Bay Area"

From OWASP
(Next Chapter Meeting: Thursday October 4th)
Previous revision:

== Next Chapter Meeting: Wednesday April 18th ==

Hello All!,

With all the success that we’ve seen with the meetings recently, I invite you all to attend the OWASP San Francisco City Chapter's 1st Annual Membership Drive! We are going to hold it in a little bigger facilities this time (South Beach Yacht Club • Pier 40 on The Embarcadero • San Francisco, CA 94107 • (415) 495-2295, see below for directions) and I got some people to sponsor Food and Beverages (Beer, Soda, etc) AND as an added Bonus, FREE PARKING! Yes, that’s right, we have 50 parking spaces available for the first 50 people to attend, so bring a friend, or 4, to sign up for the OWASP City chapter meetings. As an added Bonus to free food, free drinks, free parking… we have free stuff! Yes, the first 25 people will receive one of our speaker Caleb Sima's new book (www.webhackingexposed.com).

'''PLEASE RSVP TO BCHRISTIAN@SPIDYNAMICS.COM if you are attending with the Subject RSVP so we can get an accurate head count.'''

-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=

'''WHAT:''' San Francisco OWASP Chapter Meeting and 1st Annual Membership Drive

'''WHEN:''' Wednesday, April 18th, 2007

6:00-6:30 Social (Food and Drinks) and Chapter Announcements

6:30-7:30 Presentation and Q and A – Caleb Sima, Co-Founder and CTO SPI Dynamics, Application Security Analysis: Ensuring Your Code is Secure

7:30-8:30 Presentation and Q and A – Kartik Trivedi, Director Accuvant. AJAX and Web 2.0 vulnerabilities

'''WHERE:''' South Beach Yacht Club • Pier 40 on The Embarcadero • San Francisco, CA 94107 • (415) 495-2295. ([http://www.southbeachyc.org/images/p2_sbyc_map.gif map]) There will be 50 parking spaces allocated for us so parking is FREE!

-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=

'''Caleb Sima, Co-founder and CTO - Application Security Analysis: Ensuring Your Code is Secure'''

Understand the top Web application vulnerabilities and the risks they pose.
Learn the difference between source code analysis and black box testing and how the two combined can increase the accuracy of discovering security defects.
Establish strategies to identify and eliminate vulnerabilities in existing web applications.
Determine how to embed security into the software development lifecycle to prevent attacks.
Develop strategies for Web application audits.

First 20 people will receive an autographed copy of Caleb's book! www.webhackingexposed.com

Caleb is widely known within the Internet security community for his expertise in penetration testing and his ability to identify emerging security threats. He began his security career at the S1 Corporation in 1996. Caleb then joined Internet Security Systems as a member of the X-Force, where he focused on the research and development of security advisories for ISS. Some of his engineered exploits have gained media attention in publications such as the New York Times and the Washington Post. He has also been featured in US News and World Report and Security World magazine.

'''Kartik Trivedi - "Web 2.0 Security"'''

Kartik Trivedi, a recognized software security expert, is the director of application security at Accuvant. Accuvant is a leading national security consulting organization that designs and executes strategies to address its clients’ complex information security challenges. Kartik’s role is to build and create a world class strategic software security practice.

Kartik has more than a decade of experience working in the software and security industry. Prior to joining Accuvant, Kartik was a managing consultant and lead instructor at Foundstone – a division of McAfee, Inc. He was the service line owner of web application security and code review practices. Under his leadership, the services became profitable and grew to generate more than 30% of Foundstone’s professional services’ annual revenue. He has performed security roadmap planning, risk assessment, threat analysis, application assessments, code reviews, network penetration tests, secure SDLC and wireless reviews for a large number of Fortune 500 clients. Kartik instructed the Ultimate Hacking and secure software development classes. He was the recipient of the McAfee president’s club award 2005 for exceptional performance.

Prior to Foundstone, Kartik worked as a software development engineer with Concept Solutions. He was responsible for performing requirements analysis and building dynamic customized portals. Major achievements include implementing complex search algorithms, e-shopping cart software and live chat applications. Before Concept Solutions, Kartik was a web developer with Larsen and Toubro Limited, where he implemented purchase order module software for ERP solutions.

Kartik is an acclaimed expert, thought leader, and renowned speaker on application and software security. He has been interviewed and quoted in security journals like Security News, Computer Tech Update, Tech World and Security Planet. Kartik is the author of popular security tools like SiteDigger, a Google hacking tool, and WSDigger, a web services testing framework. The tools have been featured in Forbes, Security Focus and more than 200 other security publications. Over the course of his career, Kartik has contributed to and reviewed many technical books including Hacking Exposed, Exploiting Software, Hacker Code, and How to Break Web Security. He is a sought-after speaker and has made presentations at several security conferences, such as RSA, Security Leadership Conference, INFOSEC, APPSEC, ISACA, ISSA, and TOORCON.

Kartik is involved in several open source software projects. He chairs the OWASP Los Angeles chapter (an open source project to develop secure web application standards) and is a contributing member to VOIPSA (Voice over IP Security Alliance), MONO (open source implementation of .NET in UNIX) and SECCODE (open source repository of secure code) projects. Kartik is a Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), and Certified Information Systems Security Professional (CISSP). He has an MS and a BS in computer science.


Revision as of 23:47, 14 September 2007

OWASP San Francisco

Welcome to the San Francisco chapter homepage. The chapter leader is Robi Papp.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now



NEXT EVENT:

== Thursday, October 4th ==


Agenda and Presentations:

6:00pm – 6:30pm Check-in and Reception (food and beverages)

6:30pm – 7:15pm Fuzzing vs. Static Analysis - Jacob West

7:15pm – 7:30pm Break & Networking Session

7:30pm – 8:15pm An Analysis of Emerging Security Vulnerabilities & the Impact to Business - Neil Daswani

8:15pm – 8:30pm Q & A

Venue:

Golden Gate University
Room 2203
536 Mission Street
(Between 1st & 2nd Streets or Montgomery Street BART Station)
San Francisco, CA 94105-2968

“Fuzzing vs. Static Analysis” by Jacob West

Abstract: This talk discusses how fuzzing and other runtime testing techniques are great at finding certain kinds of bugs. The trick is, effective fuzzing requires a lot of customization. The fuzzer needs to understand the protocol being spoken, anticipate the kinds of things that could go wrong in the program, and have some way to judge whether or not the program has gone into a tailspin. Get this setup wrong, and you end up fuzzing the wrong thing, exercising and re-exercising trivial paths through the program, or just plain missing bugs. Fuzzing effectively takes a lot of customization and a lot of time. The presentation will propose a series of techniques for customizing static, rather than dynamic, tools that will let you find more and better-quality bugs than you ever thought possible. The talk concludes with the results of an experiment we conducted on open-source code to compare the effectiveness of fuzzing and static analysis at finding a known set of security bugs.
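As an added illustration of the abstract's point that a fuzzer must understand the protocol or it only re-exercises trivial paths (this is example code written for this page, not from the talk or from Fortify), a constructed toy message format is fuzzed two ways: a blind byte-flipper that never gets past the length and CRC checks, and a structure-aware mutator that re-encodes the message so inputs actually reach the handler. The framing, field layout and the `campaign` harness are assumptions of the example.

```python
import random
import struct
import zlib

# Constructed toy protocol (an assumption for this example, not from the talk):
# MAGIC(2) | LEN(2, big-endian payload length) | TYPE(1) | PAYLOAD | CRC32(4, over all bytes before it)
MAGIC = b"OW"

def parse(msg: bytes) -> str:
    """Return the deepest stage a message reaches; 'handler' is the code we want fuzzed."""
    if len(msg) < 9 or msg[:2] != MAGIC:
        return "magic"
    if struct.unpack(">H", msg[2:4])[0] != len(msg) - 9:
        return "length"
    if zlib.crc32(msg[:-4]) != struct.unpack(">I", msg[-4:])[0]:
        return "crc"
    if msg[4] not in (1, 2):
        return "type"
    return "handler"

def build(msg_type: int, payload: bytes) -> bytes:
    """Encode a well-formed message, fixing up length and CRC."""
    body = MAGIC + struct.pack(">H", len(payload)) + bytes([msg_type]) + payload
    return body + struct.pack(">I", zlib.crc32(body))

def blind_mutate(seed: bytes, rng: random.Random) -> bytes:
    """Protocol-unaware mutator: XOR one to four random bytes anywhere in the message."""
    out = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        out[rng.randrange(len(out))] ^= rng.randrange(1, 256)  # never a no-op
    return bytes(out)

def structured_mutate(seed: bytes, rng: random.Random) -> bytes:
    """Protocol-aware mutator: change type/payload, then re-encode so length and CRC stay valid."""
    msg_type = seed[4] if rng.random() < 0.9 else rng.randrange(256)
    payload = bytearray(seed[5:-4])
    for _ in range(rng.randint(1, 4)):
        payload[rng.randrange(len(payload))] ^= rng.randrange(1, 256)
    if rng.random() < 0.3:
        payload.append(rng.randrange(256))
    return build(msg_type, bytes(payload))

def campaign(mutator, rounds: int = 1000, seed: int = 1) -> dict:
    """Fuzz one seed message `rounds` times and count how deep each generated input got."""
    rng = random.Random(seed)
    seed_msg = build(1, b"hello")
    reached = {}
    for _ in range(rounds):
        stage = parse(mutator(seed_msg, rng))
        reached[stage] = reached.get(stage, 0) + 1
    return reached
```

Comparing `campaign(blind_mutate)` with `campaign(structured_mutate)` shows the blind run stuck at the "magic", "length" and "crc" stages while the structured run spends almost all of its budget in the handler.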

Bio: Jacob manages Fortify Software's Security Research Group, which is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks, and styles together with knowledge about how real-world systems can fail. In addition, he recently co-authored a book, "Secure Programming with Static Analysis," which was released in June 2007. Before joining Fortify, Jacob worked with Professor David Wagner, at the University of California at Berkeley, to develop MOPS (MOdel Checking Programs for Security properties), a static analysis tool used to discover security vulnerabilities in C programs. When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security. He lives in San Francisco, California.

“An Analysis of Emerging Security Vulnerabilities & the Impact to Business” by Neil Daswani

Abstract: This talk discusses how IT professionals can go about learning what they need to know to prevent the most significant emerging data security vulnerabilities, and the impact these vulnerabilities are having on electronic commerce. It will review how attacks such as XSRF (Cross-Site-Request-Forgery) and SQL Injection work, and how to defend against them. It will present some industry-wide statistics on software security vulnerabilities reported to various databases, and emerging trends in the field of software security. Finally, it will discuss the current state of security education, and provide pointers to certification programs, books, and organizations where you and your colleagues can learn more.

Bio: Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University.