Los Angeles/2014 Meetings

---May 28, 2014, Symantec Offices, Culver City

TBD

---April 23, 2014, Symantec Offices, Culver City

Stop Chasing Vulnerabilities – Getting Started with Continuous Application Security

For too long, application security has been “experts-only” and practiced one-app-at-a-time. But modern software development, both technology and process, is mostly incompatible with this old approach and legacy appsec tools. Software development has been transformed by practices like Continuous Integration and Continuous Integration, and the time has come to bring these efficiencies to security. In this talk, Jeff will show you how you can transition to a “Continuous Application Security” approach that generates assurance automatically across an entire application security portfolio. Jeff will demonstrate how both open-source and commercial tools (including OWASP ZAP, Mozilla’s Minion, Gauntlt, and others) can be integrated to provide a comprehensive real time application security dashboard. With this approach, we can leverage the power of big data analytics to gain unprecedented insight into enterprise application security and finally focus on enterprise application security strategy rather than simply chasing the next XSS.

Speaker: Jeff Williams

Jeff Williams has over 20 years of experience in software development and security. Jeff is a founder and CTO of Contrast Security, offering a revolutionary application security technology that accurately identifies vulnerabilities at portfolio scale without requiring experts. Prior to founding Contrast, Jeff was a founder and CEO at Aspect Security. In addition, Jeff helped found the OWASP Foundation where he served as the Global Chair for 8 years and created many open-source standards, tools, libraries, and guidelines – including the OWASP Top Ten.

---March 26, 2014, Symantec Offices, Culver City

Monitoring and protecting Windows Web Servers with OMENS

OMENS is a utility that monitors and protects Windows web servers from attackers. It is a practical system designed by someone directly responsible for defending high value public facing web servers. In this talk D0n Quix0te will discuss why he took the unique approaches that OMENS uses. He will also demo installing and using this relatively simple but effective piece of free software.

Speaker: D0n Quix0te is the author and creator of OMENS.

D0n Quix0te is the author and creator of OMENS. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. Currently he is an Incident Response Analyst for a Fortune 500 entertainment company. Prior to that he spent more than 20 years architecting and securing systems for NASA and Lockheed.

---February 19, 2014, Symantec Offices, Culver City

Building a shield of security - Vulnerability Management by the numbers and dumb robots

This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay?? We shall discuss the most common vulnerabilities which are not detected by security tools nor automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will look at some real world examples from the trenches, discuss business logic and authorisation testing, how we approach these and why automation does not work to detect such critical issues. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across the SDLC and by focusing on the application as a logical state machine.

Speaker: Rahim Jina - BCC Risk Advisory

Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a ?big 4? professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.com vulnerability management solution.

---January 2014, Symantec Offices, Culver City

Speaker: