This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Los Angeles
- 1 Welcome to the Los Angeles Chapter!
- 2 Participation
- 3 Announcements
- 4 Become an OWASP Member TODAY
- 5 2013 December Holiday Party at Daily Grill in LA
- 6 Next OWASP Meeting
- 7 7pm July 23, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230
- 8 Sponsor: WhiteHat Security
- 9 Would you like to speak at an OWASP Los Angeles Meeting?
- 10 Upcoming OWASP Meetings
- 11 Other Events
- 12 Archives of Previous Meetings
- 13 Los Angeles Chapter
Welcome to the Los Angeles Chapter!
Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission
Get the following benefits::
- Meet upwards of 60-90 potential new clients - Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site - Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting. - Have a table at local chapter meeting - Promote your products and services - Bring a raffle prize to gather business cards
Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations
Participation
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.
Announcements
OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY
We are on Meetup. Please join our community there.
If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/
Become an OWASP Member TODAY
Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member
2013 December Holiday Party at Daily Grill in LA
Next OWASP Meeting
**NOTE: Date for this event **
7pm July 23, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230
Topic#1: Single, and Secure? Security in Single Page Architecture web applications
Recently, I was invited to speak about security to a group UI developers at Intuit at its internal conference called Front End Engineering. It is a group of engineers who -- for all justifiable reasons -- do not have to or just do not worry about security when writing software. This status quo has changed with the emergence of the full stack developer, a developer who writes both UI on the front end and business logic on the back end, usually using the same language of choice, JavaScript.
In this talk, I will talk about security issues that full stack developers need to worry about when designing and writing SPA applications, and share my experience about how security concepts are perceived by talented UI designers and front end engineers.
Speaker: Tin Zaw
Tin Zaw is a former president and current board member of OWASP Los Angeles chapter. During the day, he works as a software security leader at Intuit. He is an alumnus of University of Southern California.
---
Topic#2: Aviator Secure Browser Presentation and Demo
The tradeoffs required to make a secure browser are often largely poorly understood even amongst the best of security people. It makes sense since so few people actually work on browsers. There is little knowledge about what it requires to make a browser safe enough to use when viewing hostile websites - against all known adversaries. In this presentation we will cover how browsers are critically insecure, how they can be made to be secure, and what consumers forfeit in order to gain that extra level of security. Lastly, the presentation will cover how to think about tradeoffs and what customers can live without.
Speaker: Nick Schilbe, Director, Solutions Architecture, WhiteHat Security
Nick Schilbe is currently the Sr. Director of Solutions Architecture at WhiteHat Security. Nick began his career at WhiteHat as a security engineer who verified vulnerability data, managed services for his customers, and provided manual penetration testing on over 500 web applications. He eventually became the Manager of the Threat Research Center where he developed, refined, and implemented new processes and workflows for the WhiteHat Sentinel family of website risk management solutions. His WhiteHat Security Engineering team provided service to more than 6000 web applications – primarily production e-commerce, financial services, and healthcare websites, including those owned by many Fortune 500 companies. Afterwards he created the Research & Development division which focused on improving the Sentinel testing methodology, researching new types of attack techniques, responding to zero day issues, and making the overall assessment process more efficient.
Sponsor: WhiteHat Security
Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/
Would you like to speak at an OWASP Los Angeles Meeting?
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.
Upcoming OWASP Meetings
Topic: Securing Complex Forms Speaker: Jim Manico
The heart of how users interact with a web application is the HTML form submission. A great deal of very sensitive data flows over HTML forms. Securing web form submissions is critical for the construction of a secure web application. Multi-form workflows make securing form submissions even more complicated! This presentation will take you on a journey as untrusted data flows from a form submission into the many layers of a secure web application.
• Review some of the basic threats against web forms • Learn some of the most important defense categories for building secure web forms • Discuss some of the more complex aspects to form construction, such as workflow
Topic: Securing the SDLC in the real world Speaker: Jim Manico
The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those forces are consultants charging high rates to help you deeply modify what you are doing today. This talk will will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat. You need to look ahead make small changes to steer effectively.
Jim Manico is an author and educator of developer security awareness trainings. He is also a frequent speaker on secure software practices and is a member of the JavaOne "rockstar hall of fame". He has a 17 year history building software as a developer and architect. Jim is also one of the members of the Global Board of Directors for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. Jim is currently working on a book with McGraw-Hill and Oracle-Press on Java Security. For more information, see http://www.linkedin.com/in/jmanico.
Other Events
Archives of Previous Meetings
Los Angeles Chapter
- Richard Greenberg -- Chapter Leader and President
- Tin Zaw -- Board Member
- Edward Bonver -- Board Member
- Mike Francis -- Board Member
- Stuart Schwartz -- Board Member
- Aaron Guzman -- Board Member
- Dave Wettenstein -- Board Member
Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.
The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!
Web archive: http://2010.AppSecUSA.org
Videos: http://vimeo.com/user4863863/videos
