Difference between revisions of "Bay Area"
(→Agenda)
Line 26:
1:30 PM - 1:45 PM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera (Cenzic), Bay Area Chapter Leader
1:45 PM - 2:30 PM ... Mastering Session Management - Siva Ram (AppSec Consulting)
− 2:30 PM - 3:30 PM ... Building a Corporate Application Security Assessment Program - Rob Jerdonek, Staff Information Security Analyst, Intuit
+ 2:30 PM - 3:30 PM ... Building a Corporate Application Security Assessment Program-Rob Jerdonek,Staff Information Security Analyst,Intuit
3:30 PM - 4:00 PM ... Networking Break, refreshments
4:00 PM - 5:00 PM ... Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe, CTO, Cenzic
− 5:00 PM - 6:00 PM ... Best practices of
+ 5:00 PM - 6:00 PM ... Best practices of scanners and WAFs to minimize risk - Brian Contos, Chief Security Strategist, Imperva
6:00 PM - 6:30 PM ... Web Hacking, Tricks of the Trade - Anurag Agarwal
6:30 PM - 8:00 PM ... Networking Reception - Food and Drinks!!
Line 53:
===Web Hacking, Tricks of the Trade===
− (blank line)
− (blank line)
==About the Speakers==
Revision as of 00:33, 13 July 2009
OWASP Bay Area
Welcome to the Bay Area chapter homepage.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
Chapter Meetings
Date and Location
OWASP Bay Area Meeting
Thursday, July 23rd - 1:00 - 8 pm
Stanford University Center for Integrated Services, Room CISX 101
http://cis.stanford.edu/misc/directions.html
OWASP Bay Area will host its Application Security Summit meeting at the Stanford University on Thursday, July 23rd. As usual attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.
Please note that Stanford has parking restrictions and a parking fee applies until 4 P.M. You can buy parking stickers from the meter. Detailed instructions are on this site: http://transportation.stanford.edu/parking_info/VisitorParking.shtml.
http://owaspbajuly2009.eventbrite.com/
Agenda
1:00 PM - 1:30 PM ... Check-in, registration, networking
1:30 PM - 1:45 PM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera (Cenzic), Bay Area Chapter Leader
1:45 PM - 2:30 PM ... Mastering Session Management - Siva Ram (AppSec Consulting)
2:30 PM - 3:30 PM ... Building a Corporate Application Security Assessment Program - Rob Jerdonek, Staff Information Security Analyst, Intuit
3:30 PM - 4:00 PM ... Networking Break, refreshments
4:00 PM - 5:00 PM ... Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe, CTO, Cenzic
5:00 PM - 6:00 PM ... Best practices of scanners and WAFs to minimize risk - Brian Contos, Chief Security Strategist, Imperva
6:00 PM - 6:30 PM ... Web Hacking, Tricks of the Trade - Anurag Agarwal
6:30 PM - 8:00 PM ... Networking Reception - Food and Drinks!!
Mastering Session Management
Building a Corporate Application Security Assessment Program
The talk will discuss Intuit's experiences in building a corporate application security assessment program. Areas of discussion will include tools, processes, and methodologies utilized to conduct effective security assessments of applications in a large global software development corporation.
Development Issues Within AJAX Applications: How to Divert Threats
AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a software platform for business and consumer applications. Using AJAX development techniques provides software developers with a wide-open platform for creating innovative new Web (2.0) applications. The result is a more readily responsive Web environment which minimizes the “start-stop-start-stop” nature of Web pages, thus increasing the speed and user-interactivity of Web-enabled services.
However, the open, malleable nature of Web 2.0 also has an often overlooked impact on application security that is not necessarily visible to application developers at first, leaving applications and overall network security a relatively easy target for malicious behavior. Security issues arise from a number of sources, increasing the attack surface of AJAX applications: client-side security controls often replace server-side data validation, creating a false sense of security, as do calls to "hidden" application functionality and URLs; new XML and JavaScript data models, such as JSON, enable new attack vectors, like JavaScript Hijacking; and the open, easy-to-use nature of so-called Mashups often comes at the price of various security compromises.
Such threats, however, can be thwarted with the proper implementation of security testing. This session will address the development issues of AJAX applications from a security perspective, looking at how today's common web threats such as SQL injection, Cross Site Scripting, and others are often magnified in an AJAX environment, and it will also explore new threats, such as JavaScript Hijacking. Last but not least, it also provides Best Practices for AJAX application developers that are designed to help manage the security complexities inherent to AJAX development.
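Two of the issues the abstract names, shown from the defender's side as an added example (not code from the OWASP page or the talk): a JSON endpoint that refuses cross-site script inclusion and guards its body against JavaScript Hijacking, next to a server-side check that does not rely on the client's validation. The endpoint shape, the header value and the amount bounds are assumptions.

```javascript
// Added example (not from the OWASP page or the talk it describes):
// defensive handling of a JSON endpoint against JavaScript Hijacking, plus
// server-side validation that does not rely on the client's checks.
// The endpoint, header name and the amount bounds are assumptions.

// Prefix that is a syntax error when the response is executed as a script,
// so a cross-site <script src="/api/..."> include fails before any data leaks.
const HIJACK_GUARD = ")]}',\n";

// Server side: a <script> include is always a GET and cannot set custom
// headers, so requiring a POST with the XHR marker rules it out.
function mayServeJson(req) {
  const marker = req.headers["x-requested-with"];
  return req.method === "POST" && marker === "XMLHttpRequest";
}

// Server side: serialise behind the guard; refuse with 403 otherwise.
function handleJsonRequest(req, payload) {
  if (!mayServeJson(req)) {
    return { status: 403, body: "" };
  }
  return { status: 200, body: HIJACK_GUARD + JSON.stringify(payload) };
}

// Client side (same-origin XHR): strip the guard before parsing.
function parseProtectedJson(body) {
  if (!body.startsWith(HIJACK_GUARD)) {
    throw new Error("response lacks hijack guard");
  }
  return JSON.parse(body.slice(HIJACK_GUARD.length));
}

// Server side: the authoritative check. A client-side form check may also
// exist, but it is only a usability aid and can be bypassed.
function validateTransferAmount(raw) {
  const n = Number(raw);
  if (!Number.isInteger(n) || n < 1 || n > 10000) return null;
  return n;
}

// Constructed requests: a legitimate same-origin XHR and a cross-site
// <script src> include, which the browser sends as a plain GET.
const xhrRequest = {
  method: "POST",
  headers: { "x-requested-with": "XMLHttpRequest" },
};
const scriptInclude = { method: "GET", headers: {} };
```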
Best practices of combining scanners and WAFs to minimize risk
Web Hacking, Tricks of the Trade
About the Speakers
Siva Ram
Jeremy graduated from Iowa State University in 2006 with a Bachelor’s degree in Computer Engineering with an emphasis in Information Assurance. Currently, he is pursuing a Master’s degree in Computer Science at Stanford specializing in Computer and Network Security. Research interests include web-based malware and exploits, Intrusion Detection Systems and Forensics.
Rob Jerdonek
Rob Jerdonek is a Staff Information Security Analyst at Intuit, working to strengthen application security across all Intuit products and services. Prior to working at Intuit, Rob has held positions at Arcot Systems, Netscape, Nortel, and the Center for Information Technology Integration. Rob has a B.S.E. and M.S.E. in Computer Science and Engineering from the University of Michigan, Ann Arbor. Rob is a CISSP, and has earned 4 patents in the field of information security.
Lars Ewe
Lars Ewe is the CTO and VP of Engineering of Cenzic. Lars is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.
Brian Contos
Anurag Agarwal
RSVP
REGISTER EARLY AS SEATING IS LIMITED
http://owaspbajuly2009.eventbrite.com/