
Bay Area

From OWASP
Revision as of 01:02, 14 July 2009 by Mandeep Khera (talk | contribs) (Agenda)


OWASP Bay Area

Welcome to the Bay Area chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now.


Local News


Chapter Meetings

Date and Location

OWASP Bay Area Meeting
Thursday, July 23rd, 1:00 PM - 8:00 PM
Stanford University, Center for Integrated Systems, Room CISX 101
Directions: http://cis.stanford.edu/misc/directions.html


OWASP Bay Area will host its Application Security Summit meeting at Stanford University on Thursday, July 23rd. As usual, attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

Please note that Stanford has parking restrictions and a parking fee applies until 4 PM. Parking permits can be bought at the meters. Detailed instructions are on this site: http://transportation.stanford.edu/parking_info/VisitorParking.shtml.

http://owaspbajuly2009.eventbrite.com/

Agenda

  1:00 PM - 1:30 PM ... Check-in, registration, networking
  1:30 PM - 1:45 PM ... Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera, Bay Area Chapter Leader
  1:45 PM - 2:30 PM ... Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe, CTO, Cenzic
  2:30 PM - 3:30 PM ... Building a Corporate Application Security Assessment Program - Rob Jerdonek, Staff Information Security Analyst, Intuit
  3:30 PM - 4:00 PM ... Networking Break, refreshments
  4:00 PM - 5:00 PM ... Mastering Session Management - Siva Ram, AppSec Consulting
  5:00 PM - 6:00 PM ... From Rivals to BFF: WAF & VA Unite - Brian Contos, Chief Security Strategist, Imperva
  6:00 PM - 6:30 PM ... Web Hacking, Tricks of the Trade - Anurag Agarwal
  6:30 PM - 8:00 PM ... Networking Reception - Food and Drinks!!


Development Issues Within AJAX Applications: How to Divert Threats

AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the Web as a software platform for business and consumer applications. Using AJAX development techniques gives software developers a wide-open platform for creating innovative new Web (2.0) applications. The result is a more responsive Web environment that minimizes the “start-stop-start-stop” nature of Web pages, increasing the speed and interactivity of Web-enabled services.

However, the open, malleable nature of Web 2.0 also has an often overlooked impact on application security that is not necessarily visible to application developers at first, making applications, and the network around them, a relatively easy target for malicious behavior. Security issues arise from a number of sources, each of which increases the attack surface of AJAX applications: client-side security controls often replace server-side data validation, creating a false sense of security; calls to “hidden” application functionality and URLs are equally exposed, since the client code that makes them is visible to anyone; new XML and JavaScript data models, such as JSON, enable new attack vectors like JavaScript Hijacking; and the open, easy-to-use nature of so-called Mashups often comes at the price of various security compromises.

Such threats, however, can be thwarted with the proper implementation of security testing. This session will address the development issues of AJAX applications from a security perspective, looking at how today’s common web threats, such as SQL injection and Cross-Site Scripting, are often magnified in an AJAX environment, and it will also explore new threats, such as JavaScript Hijacking. Last but not least, it provides Best Practices for AJAX application developers that are designed to help manage the security complexities inherent in AJAX development.

Building a Corporate Application Security Assessment Program

The talk will discuss Intuit's experiences in building a corporate application security assessment program. Areas of discussion will include tools, processes, and methodologies utilized to conduct effective security assessments of applications in a large global software development corporation.

Mastering Session Management

From Rivals to BFF: WAF & VA Unite

For years there was a debate in the Web application and data security world about which approaches are best: black box, white box, SDLC, VA services/software, Web Application Firewalls (WAF), etc. While it is true that with a limited budget anything can become competitive (a new copy machine versus a new coffee machine), the core value propositions of WAF and VA are distinct and complementary. This presentation will illustrate how integrating these solutions can enable more secure Web application development and operations.

Web Hacking, Tricks of the Trade

This session will show you why web application security is such a big threat these days and how little you need to know to hack into a website. Anurag will show you step by step how a small error message can lead to an attacker completely owning the web application, or how an attacker can steal all the credit card numbers in a matter of minutes if the application is vulnerable to SQL injection. This action-packed session will also cover some real-life case studies of how some of the big names were hacked. This interactive session will be an eye-opener for developers and executives alike and a good learning experience for all.

About the Speakers

Lars Ewe

Lars Ewe is the CTO and VP of Engineering of Cenzic. Lars is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development, and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.

Rob Jerdonek

Rob Jerdonek is a Staff Information Security Analyst at Intuit, working to strengthen application security across all Intuit products and services. Prior to Intuit, Rob held positions at Arcot Systems, Netscape, Nortel, and the Center for Information Technology Integration. Rob has a B.S.E. and M.S.E. in Computer Science and Engineering from the University of Michigan, Ann Arbor. Rob is a CISSP and has earned four patents in the field of information security.

Siva Ram

Brian Contos

Anurag Agarwal

RSVP

REGISTER EARLY AS SEATING IS LIMITED

http://owaspbajuly2009.eventbrite.com/

Bay Area Past Events


Bay Area OWASP Chapter Leaders