This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Austin

From OWASP
Revision as of 20:51, 19 March 2008 by Wickett (talk | contribs)

Jump to: navigation, search

OWASP Austin

Welcome to the Austin chapter homepage. The chapter leader is James Wickett and the former chapter leader is Cris Dewitt


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

If a link is available, click for more details on directions, speakers, etc. You can also review Email Archives to see what folks have been talking about

Next Meeting

When: March 25th, 2008, 11:30am - 1:00pm

Who: Dan Cornell, Principal of Denim Group, Ltd., OWASP San Antonio Leader, Creator of Sprajax

Dan Cornell has over ten years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.

Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and is currently the San Antonio chapter leader of the Open Web Application Security Project (OWASP). He is a recognized expert in the area of web application security for SearchSoftwareQuality.com and the primary author of Sprajax, OWASP's open source tool for assessing the security of AJAX-enabled web applications.

Topic: Static Analysis Techniques for Testing Application Security

Static Analysis of software refers to examining source code and other software artifacts without executing them. This presentation looks at how these techniques can be used to identify security defects in applications. Approaches examined will range from simple keyword search methods used to identify calls to banned functions through more sophisticated data flow analysis used to identify more complicated issues such as injection flaws. In addition, a demonstration will be given of two freely-available static analysis tools: FindBugs for the Java platform and FXCop for the .NET platform. Finally, some approaches will be presented on how organizations can start using static analysis tools as part of their development and quality assurance processes.

Where: Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. To get to the plaza take the stairs from the main entrance. The stairs are located on the West Side of the building, just north of the main entrance. There is no access to the Plaza level from inside the store.

See directions to Whole Foods.

Cost: Always Free

Questions or help with Directions... call: Scott Foster 512-637-9824.


Future Speakers and Events

March 25th, 2008 - Dan Cornell, Denim Group @ WHOLE FOODS, Downtown

TRISC 2008 (San Antonio) April 20-23 ** Non-OWASP event, but worth checking out **

April 29th, 2008 - Mano Paul, CEO of SecuRisk Solutions @ National Instruments

May 27th, 2008 - Nathan Sportsman and Praveen Kalamegham, Web Services Security @ Whole Foods Downtown

As a Consultant and Partner at Praetorian Solutions, Praveen is focused on software security architecture and development as well as conducting security code reviews and threat models. In addition, Praveen is regularly involved in assessment services and performs network and web application penetration testing.

As a Consultant and Partner at Praetorian Solutions, Nathan is responsible for conducting network and web application assessments as well as host and network reviews. In addition, Nathan also has a background in software development and often performs security code reviews and threat models.


June 24th, 2008 - OPEN

Record Hall of Meetings

February 26th, 2008 - Michael Howard, Author of Writing Secure Code

Topic: Microsoft's SDL: A Deep Dive

In this presentation, Michael will explain some of the inner workings of the SDL as well as some of the decision making process that went into some of the SDL requirements. He will also explain where SDL can be improved.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.


January 29th, 2008 - Mark Palmer, Hoovers and Geoff Mueller, NI @ WHOLE FOODS, Downtown

Where: Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. To get to the plaza take the stairs from the main entrance. The stairs are located on the West Side of the building, just north of the main entrance. There is no access to the Plaza level from inside the store.

See directions to Whole Foods.


When: December 4th, 2007, 11:30am - 1:00pm

Who: Jeremiah Grossman (WhiteHat Security, CTO, OWASP Founder, Security Blogger)

Topic: Business Logic Flaws

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem(s) with business logic flaws is scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend them. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

This presentation will provide real-world demonstrations of how pernicious and dangerous business logic flaws are to the security of a website. He’ll also show how best to spot them and provide organizations with a simple and rational game plan to prevent them.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.


November 27th, 2007 Austin OWASP chapter meeting - Robert Hansen (SecTheory.com, ha.ckers.org and is regarded an expert in Web Application Security)

Robert will be talking about different ways to de-anonymize and track users both from an offensive and defensive standpoint. He will discuss how the giants of the industry do it and next generation tactics alike.

Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. See directions to Whole Foods.


October 2007 Austin OWASP chapter meeting October 30th, 11:30am - 1:00pm at National Instruments "Social networking" - Social networking is exploding with ways to create your own social networks. As communities move more and more online and new types of communities start to form, what are some of the security concerns that we have and might face in the future? by Rich Vázquez, and Tom Brown.

September 2007 Austin OWASP Chapter September 2007 - Tue, September 25, 2007 11:30 AM – 1:00 PM at Whole Foods Meeting 550 Bowie Street, Austin "Biting the hand that feeds you" - A presentation on hosting malicious content under well know domains to gain a victims confidence. "Virtual World, Real Hacking" - A presentation on "Virtual Economies" and game hacking. "Cover Debugging - Circumventing Software Armoring techniques" - A presentation on advanced techniques automating and analyzing malicious code.

August 2007 Austin OWASP chapter meeting - 8/28, 11:30am - 1:00pm at National Instruments. Josh Sokol presented on OWASP Testing Framework and how to use it, along with free and Open Source tools, in a live and interactive demonstration of web site penetration testing.

July 2007 Austin OWASP chapter meeting - 7/31, 11:30am - 1:00pm at Whole Foods. Dan Cornell will be presenting on Cross Site Request Forgery

June 2007 Austin OWASP chapter meeting - 6/26, 11:30am - 1:00pm at National Instruments. James Wickett presented on OWASP Top 10 and using Web Application Scannners to detect Vulnerabilities.

May 2007 Austin OWASP chapter meeting - 5/29, "Bullet Proof UI - A programmer's guide to the complete idiot". Robert will be talking about ways to secure a web-app from aggressive attackers and the unwashed masses alike.

April 2007 Austin OWASP chapter meeting - 4/24, 11:30am - 1:00pm at National Instruments. H.D. Moore (creator of MetaSploit will be presenting)

March 2007 Austin OWASP chapter meeting - 3/27, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

January 2007 Austin Chapter Meeting - 1/30, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S15.

December Meeting - Due to the holidays, there will be no December OWASP meeting. However, we are looking for speakers for the January meeting. If you or anyone you know would be a good candidate, let us know! Happy Holidays!

November 2006 Austin Chapter Meeting - 11/21, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S14.

October 2006 Austin Chapter Meeting - 10/31 - Boo!

September 2006 Austin Chapter Meeting - 9/26, 12-1:00 at Texas ACCESS Alliance building located at the intersection of IH-35 South and Ben White

August 2006 Austin Chapter Meeting - Tuesday- 8/29, 11:30-1:30 on the National Instruments campus, Mopac B (the middle building), conference room 112 (in the Human Resources area to the left of the receptionist). See directions to National Instruments. Hint: It is on your left on Mopac if you were heading up to Fry's from Austin.

Austin OWASP chapter kickoff meeting - Thursday, 7/27, 12-2pm @ Whole Foods Market (downtown, plaza level, sign in with receptionist)

Presentation Archives

The following presentations have been given at local chapter meetings:

  • Single Sign On (7/27)