This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Bay Area"

From OWASP
Revision comparison: the previous revision (edit summary "Past Events") against this revision (edit summary "Next Event"). The edit replaced the "Next Event" section: the Wednesday, December 10, 2014 meeting at Mozilla in San Francisco was moved to Past Events and superseded by the Wednesday, January 21, 2015 meeting at Synack in Redwood City, which is the version rendered below. The December 2014 announcement as it read before the edit (wiki source):

= Next Event =
Wednesday, December 10, 2014 - San Francisco @ Mozilla

OWASP Chapter Meeting in San Francisco hosted by [https://www.mozilla.org/en-US/ Mozilla]<br>

[http://www.meetup.com/Bay-Area-OWASP/events/218988323/ RSVP on Meetup]<br>

====When====
* Wednesday, Dec 10
* 5:30 pm - 8:00 pm

====Where====
(not changed by this edit)

====Agenda====
5:30-6:15 pm - Networking with Drinks & Food<br>
6:15-6:45 : Speaker: Jasvir Nagra, Google <br>
7:00-7:30 : Speaker: Sergey Shekyan & Bei Zhang, Shape Security <br>
7:30-8:00 : More food, drink, and security "hallway con"<br>

====Speakers====
* Jasvir Nagra, Google
* Sergey Shekyan & Bei Zhang, Shape Security

===== Jasvir Nagra, Google =====
'''Firing Bots at Bugs'''

It remains all too easy to find simple security vulnerabilities in many web applications. Why is it so hard to automatically find vulnerabilities when finding them manually remains so relatively easy? In this talk, we'll share some of the gotchas that we've run into scanning for web security bugs at Google, armed with a 'firing squad' of examples. We'll then walk through some of the solutions we've come up with, and finish up with a few unsolved problems which remain that really make web vulnerability scanning a hard (but fun!) problem to work on.

Jasvir Nagra is a security engineer at Google dedicated to making the web vulnerability-free. He has led the design and implementation of Caja, a pure JavaScript sandbox. Previously, he co-authored Surreptitious Software, a book on obfuscation, software watermarking and tamper-proofing; and built autonomous soccer-playing robots. These days he builds web application scanners that work at scale.

===== Sergey Shekyan & Bei Zhang, Shape Security =====
'''Headless Browsers Hide and Seek'''

Headless browsers have become indispensable tools for security teams, researchers, and attackers focusing on web applications. Tools like PhantomJS enable anyone to automatically interact with highly dynamic websites and to perform many types of automated attacks. This presentation will dive into headless browser detection and spoofing techniques.

Sergey Shekyan is a Principal Engineer at Shape Security, where he is focused on the development of a new-generation web security product. Prior to Shape Security, he spent 4 years at Qualys developing their on-demand web application vulnerability scanning service.

Bei Zhang is a Senior Software Engineer at Shape Security, focused on analysis and countermeasures of automatic web attacks. Previously, he worked on the Chrome team at Google with a focus on the Chrome Apps API. His interests include web security, source code analysis, and algorithms.
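The "detection and spoofing" the Headless Browsers Hide and Seek abstract above refers to, as an added example that is not part of the original page or the speakers' material. It probes a window-like object for the tells a stock PhantomJS 1.x exposes (the `callPhantom`/`_phantom` bridge, the default user agent, the missing `Function.prototype.bind`, zero outer dimensions, an empty plugin list), and then shows the other side: a script run before page scripts that removes every one of those tells. The `win` argument is a plain object standing in for `window` so the code runs under Node; both sample windows and the user-agent strings are constructed values, not captured from real browsers.

```javascript
// Added example (not from the page or the Shape Security talk): client-side
// fingerprinting of a PhantomJS-style headless browser, and the spoofing that
// hides the same tells. `win` is a plain object standing in for `window`, so the
// checks run outside a browser; the sample windows below are constructed, not
// captured from real browsers.

// Each tell is a named predicate over the window-like object. detectHeadless()
// returns the names of the checks that fired, so a caller sees *why* it flagged.
const HEADLESS_CHECKS = [
  // PhantomJS exposes its page.onCallback bridge as window.callPhantom / window._phantom.
  ['callPhantom', (w) => typeof w.callPhantom === 'function'],
  ['_phantom', (w) => w._phantom !== undefined],
  // The default user agent names the engine unless page.settings.userAgent is set.
  ['ua', (w) => /PhantomJS/i.test((w.navigator && w.navigator.userAgent) || '')],
  // PhantomJS 1.x used an old WebKit build without Function.prototype.bind.
  ['no-bind', (w) => !(w.Function && w.Function.prototype &&
                       typeof w.Function.prototype.bind === 'function')],
  // No browser chrome: outerWidth/outerHeight are 0 in PhantomJS.
  ['outer-size', (w) => w.outerWidth === 0 && w.outerHeight === 0],
  // A 2014 desktop browser almost always listed at least one plugin.
  ['no-plugins', (w) => !!(w.navigator && w.navigator.plugins) &&
                        w.navigator.plugins.length === 0],
];

function detectHeadless(win) {
  return HEADLESS_CHECKS
    .filter(([, test]) => { try { return test(win); } catch (_) { return false; } })
    .map(([name]) => name);
}

// Constructed sample values (assumed, not captured from real browsers).
const DESKTOP_UA = 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36';
const PHANTOM_UA = 'Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.8 Safari/534.34';

// Spoofing side: what an automation script can do before page scripts run
// (page.onInitialized + evaluate in PhantomJS) so that none of the checks above fire.
function spoofHeadless(win) {
  delete win.callPhantom;
  delete win._phantom;
  win.navigator.userAgent = DESKTOP_UA;
  win.navigator.plugins = [{ name: 'Shockwave Flash' }];
  win.outerWidth = 1280;
  win.outerHeight = 800;
  if (typeof win.Function.prototype.bind !== 'function') {
    // Minimal bind polyfill so the feature probe passes.
    win.Function.prototype.bind = function (thisArg, ...bound) {
      const fn = this;
      return function (...args) { return fn.apply(thisArg, bound.concat(args)); };
    };
  }
  return win;
}

function phantomLikeWindow() {
  return {
    callPhantom: function () {},
    _phantom: {},
    navigator: { userAgent: PHANTOM_UA, plugins: [] },
    Function: { prototype: {} },          // no bind, as in PhantomJS 1.x
    outerWidth: 0,
    outerHeight: 0,
  };
}

function desktopLikeWindow() {
  return {
    navigator: { userAgent: DESKTOP_UA, plugins: [{ name: 'Shockwave Flash' }] },
    Function: { prototype: { bind: function () {} } },
    outerWidth: 1280,
    outerHeight: 800,
  };
}

console.log('phantom :', detectHeadless(phantomLikeWindow()));
console.log('desktop :', detectHeadless(desktopLikeWindow()));
console.log('spoofed :', detectHeadless(spoofHeadless(phantomLikeWindow())));
```

Run it with `node`; the first line lists all six tells, the other two list none. That last line is the point of "hide and seek": every property probed here is under the automation's control, so a spoofed headless browser passes the same client-side checks a real desktop browser does. A defender therefore cannot stop at client-side probes and has to add signals the client does not control, such as request timing and ordering, TLS and HTTP-level fingerprints, and behaviour across a session.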

Revision as of 06:54, 13 January 2015

Register Now!

OWASP Bay Area

Welcome to the Bay Area chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a speaker at any OWASP chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP project, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


[Photo: OWASP-Bay-Area-Aug-2014.png] 150+ attendees at the OWASP Bay Area meeting in August, 2014. Pictured: @BenHagen talking about cloud security and applications.


Next Event

Wednesday, January 21, 2015 - Redwood City @ Synack

OWASP Chapter Meeting in Redwood City hosted by Synack

RSVP on Meetup

When

  • Wednesday, Jan 21
  • 5:45 pm - 8:00 pm

Where

Mozilla, 2 Harrison St, San Francisco, CA 94105

Agenda

5:45-6:30 pm - Networking with Drinks & Food
6:30-7:10 : Michael Barrett - FIDO Alliance v1.0 UAF & U2F
7:15-7:55 : Scott Behrens - The Joy Of Intelligent Proactive Security
8:00-8:20 : More food, drink, and security "hallway con"

Speakers

  • Michael Barrett, Stealth Startup & FIDO Alliance
  • Scott Behrens, Netflix
Michael Barrett, Stealth Startup & FIDO Alliance

FIDO Alliance v1.0 UAF & U2F

The FIDO (Fast IDentity Online) Alliance is a 501(c)(6) non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.

On December 9, 2014 FIDO published final 1.0 drafts of its two specifications – Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

Michael Barrett is the CEO of an early stage startup in the enterprise security space. (“We’re in stealth mode - if I told you, I’d have to shoot you...”)

Previously, Barrett was President of the FIDO Alliance, an open standards consortium that is reimagining authentication on mobile devices and the Internet. He serves on the board of directors of StopBadware, a 501(c)(3) Berkman Center spin-out dedicated to mitigating the impact of malware on businesses and individuals.

From 2006 to 2013, Barrett was the Chief Information Security Officer for PayPal. In this role, he was responsible for ensuring the security of PayPal’s 130+ million accounts worldwide. He oversaw the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information, and led a team of roughly 100 people.

Scott Behrens, Netflix

The Joy Of Intelligent Proactive Security

Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all the US's downstream bandwidth at peak. Multiple concurrent code bases, continuous deployments, regional content, and an ever-changing threat landscape make vulnerability and asset management difficult. In order to battle this dynamic environment, we have taken an approach of automating, simplifying, and collecting actionable data with proactive security.

This presentation will assert that the agility of modern infrastructure requires a different approach to security. We look at common areas of a mature security program: identifying and addressing potential issues, monitoring for attacks and anomalies, understanding your environment, collecting and sharing information, all while constantly reevaluating your approach. We will also walk through a few real world cases where intelligent proactive security has simplified Netflix's response time for identifying, responding to, and remediating security issues.

We will also provide demonstrations of a number of Netflix applications that are currently or soon-to-be open sourced that can help you simplify your security program regardless of whether you operate in the cloud or data center.

Attendees will leave this talk with real world strategies, techniques, and Netflix open source tools they can use in their own organizations.

Scott Behrens is a security evangelist at Netflix focusing on application security engineering as part of the Product and Application Security team. Scott loves security research and has previously spoken at DEF CON, DerbyCon, ShakaCon, Chicago BSides, and a handful of other security conferences.




OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The 'Bay Area' here is the San Francisco Bay Area in California: San Francisco itself, the East Bay cities across the bay such as Berkeley and Oakland, and the Peninsula and South Bay to the south, including San Mateo, Palo Alto, and the whole San Jose area. The Bay Area OWASP Chapter currently covers this whole region.

Become a Presenter

Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

Link to submit

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.


Chapter Meetings

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

http://www.eventbrite.com/rss/user_list_events/22961305858

About Presentation Events

Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

  • Informal security chat - the benefits of "hallway con" and security talk with others in the industry
  • Networking - meet other people in the field and industry
  • After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events. https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]


Past Events

December 2014 - San Francisco @ Mozilla

OWASP Chapter Meeting in San Francisco hosted by Mozilla

  • Jasvir Nagra, Google - Firing Bots at Bugs
  • Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek

August 2014 - San Francisco @ Lookout

OWASP Chapter Meeting in San Francisco hosted by Lookout

  • Paul McMillan from Nebula @PaulM - Attacking the Internet of Things using Time
  • Ben Hagen from Netflix @BenHagen - Cloud Security at Scale and What it Means for Your Application

May 2014 - Redwood City @ Evernote

OWASP Chapter Meeting in Redwood City hosted by Evernote

  • Arshad Noor - CTO, StrongAuth
  • Rich Tener - Director of Security, Evernote

March 2014 - San Francisco @ Stripe

OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014 Hosted by Stripe

Feb 2014 - San Jose @ Jillians

OWASP Developer Training & Social Hour - Monday 2/24/2014 Hosted by OWASP at Jillian's Billiards Club

Feb 2014 - Special Free Training Event

OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

Jan 2014 - San Jose @ F5

OWASP Social Hour in San Jose - Wednesday 1/22/2014 Hosted by F5

Dec 2013 - San Francisco @ Twilio

OWASP Social Hour in San Francisco - Thursday 12/19/2013 Hosted by Twilio

Nov 2013 - San Francisco @ LendingClub

OWASP Social Hour in San Francisco - Wednesday 11/6/13 Hosted by LendingClub

Sept 2013 - Mt View @ Shape Security

OWASP Social Hour in Mountain View - Wednesday 9/25/13 Hosted by Shape Security

July 2013 - Berkeley @ UC Berkeley

OWASP Presentation Meeting

  • An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
  • "Putting Your Robots to Work", Twitter Security Team

Older Events

Bay Area Past Events

Bay Area Chapter Leaders


Stay In Touch