This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "San Jose"

From OWASP
Jump to: navigation, search
(Thursday, September 6, 2007)
(Thursday, December 13, 2007)
Line 9: Line 9:
  
 
'''Agenda and Presentations:'''<br/>
 
'''Agenda and Presentations:'''<br/>
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
+
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)<br/>
6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google
+
6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google<br/>
7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University
+
7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University<br/>
8:00pm - 8:30pm ... Networking Session
+
8:00pm - 8:30pm ... Networking Session<br/>
  
 
'''Venue:'''<br/>
 
'''Venue:'''<br/>
Stanford Alumni Association Center
+
Stanford Alumni Association Center<br/>
Stanford University
+
Stanford University<br/>
326 Galvez Street
+
326 Galvez Street<br/>
Stanford, CA  94305
+
Stanford, CA  94305<br/>
 
''Map and Directions:''<br/>
 
''Map and Directions:''<br/>
 
[http://maps.yahoo.com/#mvt=m&gid1=21396976&q1=326+galvez+st%2C+stanford%2C+ca&trf=0&lon=-122.164643&lat=37.430552&mag=3]<br/>
 
[http://maps.yahoo.com/#mvt=m&gid1=21396976&q1=326+galvez+st%2C+stanford%2C+ca&trf=0&lon=-122.164643&lat=37.430552&mag=3]<br/>
Line 24: Line 24:
  
  
Ghosts in the Browser
+
'''Ghosts in the Browser'''<br/>
Presented by: Niels Provos, Ph.D., Google, Inc.
+
Presented by: Niels Provos, Ph.D., Google, Inc.<br/>
  
Abstract: As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets.  For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.
+
'''Abstract:'''<br/>
 +
As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets.  For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.
  
Bio: Based out of Mt.View, Niels Provos is a Senior Staff Engineer at Google, Inc.  His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security.  Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student where he earned both is Masters in Computer Science and his Ph.D. in Computer Science.  He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.   
+
'''Bio:'''<br/>
 +
Based out of Mt.View, Niels Provos is a Senior Staff Engineer at Google, Inc.  His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security.  Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student where he earned both is Masters in Computer Science and his Ph.D. in Computer Science.  He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.   
  
Ph.D. Student Presentations
+
'''Ph.D. Student Presentations'''<br/>
Presented by: Adam Barth & Collin Jackson, Stanford University
+
Presented by: Adam Barth & Collin Jackson, Stanford University<br/>
  
Preview of OWASP Bay Area, Mandeep Khera
+
Preview of OWASP Bay Area, Mandeep Khera<br/>
 
Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.   
 
Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.   
  

Revision as of 18:40, 3 December 2007

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Thursday, December 13, 2007

OWASP Bay Area will host its next meeting at the Stanford University Alumni Association Center on Thursday, December 13. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.


Agenda and Presentations:
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
6:30pm - 7:15pm ... Ghosts in the Browser – Niels Provos, Google
7:15pm - 8:00pm ... Ph.D. Student Presentations – Adam Barth & Collin Jackson, Stanford University
8:00pm - 8:30pm ... Networking Session

Venue:
Stanford Alumni Association Center
Stanford University
326 Galvez Street
Stanford, CA 94305
Map and Directions:
[1]


Ghosts in the Browser
Presented by: Niels Provos, Ph.D., Google, Inc.

Abstract:
As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising thread, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat.

Bio:
Based out of Mt.View, Niels Provos is a Senior Staff Engineer at Google, Inc. His interests include research in Web-Based Malware, Distributed Denial of Service, Steganography, Cryptography and Computer and Network Security. Niels studied Physics and Mathematics at University of Hamburg, Germany, and attended the University of Michigan as a graduate student where he earned both is Masters in Computer Science and his Ph.D. in Computer Science. He has published countless research papers and recently authored the book Virtual Honeypots: From Tracking Botnets to Intrusion Detection.

Ph.D. Student Presentations
Presented by: Adam Barth & Collin Jackson, Stanford University

Preview of OWASP Bay Area, Mandeep Khera
Mandeep will provide an outline of the goals and objectives for local OWASP affiliates in 2008.

Please RSVP by responding to this email or visit http://owaspdec2007.eventbrite.com

Special thanks to Stanford University Alumni Association for hosting this event and to Cenzic and AppSec Consulting for sponsoring.