This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

San Jose

From OWASP
Revision as of 18:21, 24 August 2007 by Steingra (talk | contribs) (Next Meeting - Thursday, September 6, 2007)

Jump to: navigation, search

OWASP San Jose

Welcome to the San Jose chapter homepage. The chapter leader is Brian Bertacini


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Next Meeting - Thursday, September 6, 2007

Open to the public, attendance is free

Agenda and Presentations:
5:00pm – 5:30pm Check-in and Reception (food and beverages)
5:30pm – 6:45pm Malicious Code Injection Workshop
6:45pm – 6:55pm Break
6:55pm – 8:10pm Panel Discussion – Privacy, Security and Breaches, Oh My!
8:10pm – 8:30pm Networking Session


Venue: eBay - Town Square B
2161 North First Street
San Jose, CA 95131

Map and Directions: Map


Malicious Code Injection Workshop

SQL Injection, Cross-site Scripting (XSS) and other injection attacks techniques have become pervasive on the web. This hands-on workshop takes an in-depth look at common methods used to exploit web applications. Attendees will learn step-by-step techniques used by attackers allowing them to better understand how web applications are exploited. Each attack method is followed up with a discussion about effective countermeasures to defend against such attacks.

This interactive workshop includes a victim web application that contains built-in vulnerabilities. Attendees can bring their own laptop computers and participate in hands-on lab sessions. The objective of this workshop is to learn secure development practices used to harden the security of applications. Attendee participation is encouraged and door prizes will be awarded at random.


Workshop Instructor:

Siva Ram, CISA
Senior Consultant, AppSec Consulting

Panel Discussion: “Privacy, Security and Breaches, Oh My!”

This panel discussion will review the current state of information privacy and the security of web applications. Security breaches are occurring at an alarming rate and consumers are loosing faith. What, if anything can be done to restore confidence in e-commerce?

What can we learn from events at Card Systems are more recently Monster.com? What can be done to ensure your company is not the next victim of a class action and/or hackers and data thieves? Join an all-star panel of Information Privacy and Data Security professionals to better understand what’s at stake and how to stay out of the headlines.

Moderator: Alex Stamos, iSEC Partners
Panelists: Doran Rotman, KPMG (co-author, Generally Accepted Privacy Principles

                   David Pollino, Washington Mutual Bank
Robert Fly, Salesforce.com
Larry Pingree, Safeway (co-founder, Digital Forensics Association)

Please RSVP at http://owaspday.eventbrite.com. Feel free to invite like minded IT Security Professionals and help grow OWASP.

Note: To participate in the exercise bring an 802.11b/g equipped laptop with IE or Firefox installed. No hostile code will be put on your laptop by the instructors, but do have a firewall running to protect yourself. No wired connection to the class network will be provided.