
Difference between revisions of "Los Angeles"

(updated for Oct Mtg, and added AppSec video link)
Line 1: Line 1:
 
== Local News  ==
 
== Local News  ==
  
Please follow [http://twitter.com/appsec2010 @appsec2010]for the latest updates on AppSec USA 2010 conference.  
+
The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a sucess!
  
 
http://www.AppSecUSA.org  
 
http://www.AppSecUSA.org  
 +
 +
Check out the videos: http://vimeo.com/user4863863/videos<br>
  
 
[[Image:AppSec Logo.jpg|362x106px]]  
 
[[Image:AppSec Logo.jpg|362x106px]]  
  
== Next&nbsp;Chapter Meeting: Special Joint Meeting with ISSA-LA: Wednesday, September 22, 2010 6:00 P.M. to 8:30 P.M. ==
+
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday, October 20, 2010 7:00 P.M. <br> ==
 +
 
 +
=== We will be Having Two Great Speakers and Free Catered Greek Food ===
 +
 
 +
'''Please RSVP: http://www.eventbrite.com/event/955294311'''<br>
 +
<pre>'''Meeting Location
 +
Symantec Corporation
 +
900 Corporate Pointe (off Slauson)
 +
Culver City, CA 90230''''''
 +
'''</pre>
 +
 
 +
'''Identity Management: federation and authorization'''<br>
  
=== <br>Secure Coding Practices and Procedures, and Threat Modeling at Symantec  ===
+
'''Speaker:'''
<pre>Meeting Location
 
The Olympic Collection Banquet &amp; Conference Center
 
11301 West Olympic Boulevard
 
West Los Angeles, CA 90064
 
(310) 575-4585</pre>
 
Please RSVP via the ISSA Los Angeles Chapter website:&nbsp;http://www.issa-la.org/Default.aspx?id=1242
 
  
<br>'''Description:'''<br>Secure Coding Practices and Procedures: Organizations process information over web applications that can be often classified as sensitive, confidential, or considered intellectual property. Web Application Firewalls (WAF) provide protection for business critical data and web applications with an automated and transparent approach to monitor and protect enterprise data as it is accessed and transacted through applications.  
+
Todd Calvert is currently the Western Region Business Development / Sales Director for Arcot Systems, based in Sunnyvale, California, where he has been with the company over two years. Prior to Arcot, he has been involved with various industries involving enterprise SW for application management, modeling &amp; statistical analysis, and optimization for companies such as Compuware, KLA-Tencor, Nikon Inc., and Wind River. He graduated UC Santa Barbara in 1991 with a B.S. in Mathematical Sciences degree, and has spent much of his time to delivering educational &amp; technical seminars and math tutoring on the side.<br>
  
To augment WAF filtering and vulnerability monitoring, many organizations have developed or outsource secure code reviews and development. Information Security at Newegg established their own .NET C# secure coding standard, train and test our developers on secure coding, and do their own secure code reviews with WebInspect and manual code reviews. They started to develop a web application threat modeling approach but it is still in its infancy. This presentation focuses on the secure coding standard, satisfying PCI requirements for such, and training / testing of developers in secure coding practices using OWASP Top 10 Vulnerabilities as its foundation.
+
<br>
 +
'''Sharks and Security'''
  
<br>'''Description:'''<br>Threat Modeling at Symantec: Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we’ll take a look at why Threat Modeling is so important; we’ll explore the process behind it, and how the process is being implemented and followed across Symantec.
+
Abstract:
  
<br> '''Speakers: <br>''' '''Mike O. Villegas, CISA, CISSP, GSEC,''' Director of Information Security, Newegg.com
+
Do you know what makes a shark a shark and a hacker a hacker? Which is the most dangerous shark and how does that fit the profile of a dangerous hacker? What does the tiger shark have to do with garbage collection? Is there any connection between the locomotion in sharks and reverse engineering? and more…
  
Miguel (Mike) O. Villegas is the Director of Information Security at Newegg, Inc. and is responsible for Information Security, Business Continuity Management, and PCI DSS (Payment Card Industry Data Security Standard) compliance. Newegg, Inc. is a PCI Level 1 Merchant and Service Provider. It is one of the fastest growing E-Commerce companies established in 2001 and exceeded revenues of over $2.6 Billion in 2009.  
+
There are sharks at sea and there are sharks on land! Many are prevalent in the information security space. In this talk, Mano Paul, a shark biologist are researcher from the Bahamas turned security professional takes you through the similarities and differences that exists between sharks that are after our digital assets and the relatively less dangerous and beautiful creation that swims the ocean currents. The talk with the demo of a Trojan called SharkBait has take aways for the all kinds of audiences, whether they are management, technical or operational in scope. <br>
  
Mike has over 30 years of Information Systems security and IT audit experience. Mike was previously Vice President &amp; Technology Risk Manager for Wells Fargo Services responsible for IT Regulatory Compliance and was previously a partner at Arthur Andersen and Ernst &amp; Young for their information systems security and IS audit groups over a span of nine years. Mike is a CISA, CISSP, and GSEC.  
+
Come for a fun-filled, highly interactive, and interesting presentation and leave with a new sense of appreciation on how to look at sharks and hackers and what you can do so that you or your organizations don't become shark bait.<br>
  
Mike is the current LA ISACA Chapter President and was the SF ISACA Chapter President during 2005-2006. He was the SF Fall Conference Co-Chair from 2002–2007 and also served for two years as Vice President on the Board of Directors for ISACA International.
+
'''Speaker:'''<br>
  
<br> '''Edward Bonver, CISSP, CSSLP,''' Principal Software Engineer, Product Security Symantec Corporation
+
Manoranjan (Mano) Paul started his career as a Shark Researcher in Bimini Biological Field Station (Bahamas) and then came to the USA to pursue higher education and got his Management Information Systems degree, following which he joined Dell Inc, after trying out a few entrepreneurial ventures. At Dell, Inc., Mano played several roles from software developer/tester, logistics manager, technical architect, IT strategist and Security Engineer/Program Manager/Strategist. His security experience includes designing and developing software security programs from Compliance-to-Coding, application security risk management, security strategy &amp; management, and conducting security awareness sessions, training and education.
  
Edward Bonver is a principal software engineer on the product security team, which is part of Symantec Research Labs under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company’s QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, and small networking companies.
 
  
Edward is a Certified Information Systems Security Professional (CISSP), a Certified Secure Software Lifecycle Professional (CSSLP), and is a professional member of the Institute of Electrical and Electronics Engineers (IEEE) and the Association of Computing Machinery (ACM). He holds a masters degree in computer science from California State University, Northridge, and a bachelors degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University.
 
  
 
<br> '''Sponsor:'''&nbsp;  
 
<br> '''Sponsor:'''&nbsp;  
  
[[Image:Whitehat.jpg|200x65px]]
+
Arcot Systems Inc is the largest cloud based authentication company in the world and also a leader in online security products including 3-D Secure (aka Verified-by-Visa / MasterCard SecureCode), Strong Authentication, Risk Assessment, Secure Document Delivery, Tokenization and Secure Digital Signing.Our Strength is in a token-less 2 Factor Authentication Methodology /Adaptive Authentication/Secure Digital Signing/3-D Secure/Tokenization to reduce PCI-DSS Audit cost.
 +
 
 +
ArcotID, 100% software based smart card, is the core constituent of this solution. ArcotID provides strong protection of digital IDs for multi-factor authentication, digital signatures and encryption. ArcotID uses Arcot's patented 'Cryptographic Camouflage' technology.
 +
 
 +
WebFort is Versatile Authentication Server (VAS) that supports ArcotID authentication in addition to One-Time-Password (OTP), Question-and-Answer and Password authentications<br>
  
 
<br>  
 
<br>  
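Review bot: In the added meeting-location block, the ''' bold markers sit inside the <pre> element, where wiki markup is not interpreted, so they will show up as literal apostrophes; the closing run is also unbalanced (six quotes after "CA 90230" plus a further ''' on its own line). Move the bold outside the <pre> or drop it, as the removed location block did. Two smaller points in the same change: the added Local News line misspells "success" as "sucess", and under "Identity Management: federation and authorization" the "Speaker:" label is followed directly by the biography with no name line, unlike the speaker entries it replaces.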

Revision as of 09:27, 19 October 2010

Local News

The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

http://www.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos

Next Chapter Meeting:  Wednesday, October 20, 2010 7:00 P.M.

We will be Having Two Great Speakers and Free Catered Greek Food

Please RSVP: http://www.eventbrite.com/event/955294311

Meeting Location
Symantec Corporation
900 Corporate Pointe (off Slauson)
Culver City, CA 90230

Identity Management: federation and authorization

Speaker:

Todd Calvert is currently the Western Region Business Development / Sales Director for Arcot Systems, based in Sunnyvale, California, where he has been with the company over two years. Prior to Arcot, he worked in various industries involving enterprise software for application management, modeling & statistical analysis, and optimization for companies such as Compuware, KLA-Tencor, Nikon Inc., and Wind River. He graduated from UC Santa Barbara in 1991 with a B.S. degree in Mathematical Sciences, and has spent much of his time delivering educational & technical seminars and math tutoring on the side.


Sharks and Security

Abstract:

Do you know what makes a shark a shark and a hacker a hacker? Which is the most dangerous shark and how does that fit the profile of a dangerous hacker? What does the tiger shark have to do with garbage collection? Is there any connection between the locomotion in sharks and reverse engineering? and more…

There are sharks at sea and there are sharks on land! Many are prevalent in the information security space. In this talk, Mano Paul, a shark biologist and researcher from the Bahamas turned security professional, takes you through the similarities and differences that exist between sharks that are after our digital assets and the relatively less dangerous and beautiful creation that swims the ocean currents. The talk, with the demo of a Trojan called SharkBait, has takeaways for all kinds of audiences, whether they are management, technical or operational in scope.

Come for a fun-filled, highly interactive, and interesting presentation and leave with a new sense of appreciation on how to look at sharks and hackers and what you can do so that you or your organizations don't become shark bait.

Speaker:

Manoranjan (Mano) Paul started his career as a Shark Researcher at the Bimini Biological Field Station (Bahamas) and then came to the USA to pursue higher education and got his Management Information Systems degree, following which he joined Dell Inc., after trying out a few entrepreneurial ventures. At Dell Inc., Mano played several roles, from software developer/tester, logistics manager, technical architect and IT strategist to Security Engineer/Program Manager/Strategist. His security experience includes designing and developing software security programs from Compliance-to-Coding, application security risk management, security strategy & management, and conducting security awareness sessions, training and education.



Sponsor: 

Arcot Systems Inc is the largest cloud based authentication company in the world and also a leader in online security products including 3-D Secure (aka Verified-by-Visa / MasterCard SecureCode), Strong Authentication, Risk Assessment, Secure Document Delivery, Tokenization and Secure Digital Signing. Our strength is in a token-less 2 Factor Authentication Methodology / Adaptive Authentication / Secure Digital Signing / 3-D Secure / Tokenization to reduce PCI-DSS audit cost.

ArcotID, a 100% software based smart card, is the core constituent of this solution. ArcotID provides strong protection of digital IDs for multi-factor authentication, digital signatures and encryption. ArcotID uses Arcot's patented 'Cryptographic Camouflage' technology.

WebFort is a Versatile Authentication Server (VAS) that supports ArcotID authentication in addition to One-Time-Password (OTP), Question-and-Answer and Password authentication.


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Tin Zaw. When we accept your talk, you will be required to use the PowerPoint OWASP Template.

Archives of Previous Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.

Los Angeles Chapter