Difference between revisions of "Bay Area"

(Undo revision 24615 by Ggee (Talk))
Line 3: Line 3:
 
NEXT EVENT:
 
NEXT EVENT:
  
'''January, 24th @ 6PM - PG&E Building'''
+
'''February, 21st @ 6PM - Robert Half International'''
 
   
 
   
  
OWASP Bay Area will host its next meeting at the Pacific Gas & Electric on Thursday, January 24.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.   
+
OWASP Bay Area will host its next meeting at the Robert Half International on Thursday, February 21.  As usual attendance is free and food and beverages will be provided.  This will be an awesome event and a great opportunity to network with industry peers.  The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.   
  
 
'''Agenda and Presentations:'''
 
'''Agenda and Presentations:'''
  
6:00pm - 6:30pm ... Check-in and Holiday Reception (food & beverages)
+
6:00pm - 6:30pm ... Check-in and Reception (food & beverages)
  
6:30pm - 7:15pm ... ''Flash® Security'' – Peleus Uhley, Adobe Systems
+
6:30pm - 7:15pm ... ''Your Client-Side Security Sucks. Stop Using It.'' – Kurt Grutzmacher
  
7:15pm - 8:00pm ... ''Application Security and PCI Compliance'' – Jim Cowing, Digital Resource Group
+
7:15pm - 8:00pm ... ''NTLM attacks and countermeasures'' – Eric Rachner
  
 
8:00pm - 8:30pm ... Networking Session  
 
8:00pm - 8:30pm ... Networking Session  
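Review bot: The added intro sentence keeps the article from the old wording ("at the Pacific Gas & Electric" became "at the Robert Half International"); drop "the" so it reads "at Robert Half International". The added heading "February, 21st @ 6PM" also inherits the stray comma after the month from the January line it replaces.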
Line 20: Line 20:
  
 
'''Venue:'''
 
'''Venue:'''
Pacific Gas & Electric
+
Robert Half International
245 Market Street
+
5720 Stoneridge Dr
San Francisco, CA 94105
+
Pleasanton CA 94588
  
''Flash Security''
+
''Your Client-Side Security Sucks. Stop Using It.''
  
'''Presented by:''' Peleus Uhley, Adobe Systems
+
'''Presented by:''' Kurt Grutzmacher
  
'''Abstract:'''  Adobe Flash Player is deployed on over 90% of all computer systems and is utilized by millions of websites.  This talk will discuss the Flash Player security model, common Flash mistakes and tools for securing Flash content.
+
'''Abstract:'''  Browser-based security has been used for many years to 'protect' back-end systems from attack or to enhance the user experience. This should not be your only protection and can even open your application to business logic flaws that scanning tools can not detect nor report upon! This talk will show some real world examples of client-side security and the failures they introduced. Business logic flaws such as the MacWorld Expo Platinum Pass will be examined in depth.
  
'''Bio:''' Peleus Uhley is a senior security researcher within the Secure Software Engineering team at Adobe. His primary focus is assisting with Adobe platform technologies, including Flash Player and Adobe AIR. Prior to working with Adobe, Peleus gained his security experience by working as a security consultant for @stake and Symantec, and as a developer for Anonymizer, Inc.
+
'''Bio:''' Kurt Grutzmacher has been performing Penetration Testing for a "very large financial institution" for nearly a decade and recently moved to a "very large utility company" to start their internal testing program. For two years in a row he has exposed the methods required to obtain free Platinum Passes to MacWorld and is hoping
 +
they'll get it right the third time, he's tired of explaining it to them. Kurt contributes to the Metasploit project occasionally and is currently working on enhancing the project's support for NTLM in web-based attacks. He also randomly blogs at http://grutztopia.jingojango.net/ -- very randomly.
  
 +
''NTLM attacks and countermeasures''
  
'''Presented by:''' James Cowing, CPA, CISSP, QSA, QPASP, Managing Director, Digital Resource Group
+
'''Presented by:''' Eric Rachner
  
'''Abstract:'''  Application security has greatly influenced the Payment Card Industry’s (PCI) efforts to reduce risk through the Data Security Standards. This talk will give you real world experiences on how organizations are addressing the application security requirements and what is coming in the near future.  Topics will include:                                                                                                                                                                                                                                           
+
'''Abstract:'''  Coming soon.
  
·        PCI DSS Requirement 6: “Develop and maintain secure systems and applications” (with special attention to the June 30th deadline for Application firewalls)
+
'''Bio:''' Coming soon.
  
·        How the new Payment Application Data Security Standard (PA-DSS) reported to release this calendar quarter effects merchants, service providers and the application development community
+
Please RSVP by responding to this email or visit ''http://owaspfeb2008.eventbrite.com''
  
·        Requirements for testing including application-layer penetration tests
+
Special thanks to Robert Half International for hosting this event and to Cenzic for sponsoring.
 
 
'''Bio:''' As the original founder of DRG in 1997, James Cowing leads DRG's Information Security Consulting practice. With over ten years of security consulting experience and twenty years of financial services industry experience, Mr. Cowing has helped thousands of government, financial services, ecommerce, enterprise, and health care companies maneuver through the often complex and stringent security compliance requirements of their respective industry. Mr. Cowing is a seasoned payment card industry professional, renowned speaker and trusted security advisor to industry leading financial institutions, merchants, and service providers. He holds a CPA certification in California and Hawaii, an MBA in Finance and a BA from UCLA in Economics. Mr. Cowing served as the co-chair of the Security Committee for the Financial Services Technology Consortium (FSTC) and is currently a member of ISACA, ISSA, Computer Security Institute and the American Institute of Certified Public Accountants (AICPA) Information Technology Division.
 
 
 
Please RSVP by responding to this email or visit ''http://owaspjan2008.eventbrite.com''
 
 
 
Special thanks to Pacific Gas & Electric for hosting this event.
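Review bot: The added Kurt Grutzmacher bio is split across two added lines in mid-sentence ("...and is hoping" / "they'll get it right the third time..."), which puts a line break inside the paragraph; join them into one line. The "NTLM attacks and countermeasures" entry is added with both Abstract and Bio as "Coming soon.", so the page needs a follow-up edit once the speaker supplies them. The venue changes city (San Francisco to Pleasanton), and the added "Pleasanton CA 94588" drops the comma that the replaced "San Francisco, CA 94105" line had.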
 

Revision as of 04:07, 15 February 2008

OWASP San Francisco

Welcome to the San Francisco chapter homepage. The chapter leader is Robi Papp.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of the OWASP PROJECT, independent research or related software security topic you would like to present.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


NEXT EVENT:

February, 21st @ 6PM - Robert Half International


OWASP Bay Area will host its next meeting at Robert Half International on Thursday, February 21. As usual, attendance is free and food and beverages will be provided. This will be an awesome event and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.

Agenda and Presentations:

6:00pm - 6:30pm ... Check-in and Reception (food & beverages)

6:30pm - 7:15pm ... Your Client-Side Security Sucks. Stop Using It. – Kurt Grutzmacher

7:15pm - 8:00pm ... NTLM attacks and countermeasures – Eric Rachner

8:00pm - 8:30pm ... Networking Session


Venue: Robert Half International, 5720 Stoneridge Dr, Pleasanton CA 94588

Your Client-Side Security Sucks. Stop Using It.

Presented by: Kurt Grutzmacher

Abstract: Browser-based security has been used for many years to 'protect' back-end systems from attack or to enhance the user experience. This should not be your only protection and can even open your application to business logic flaws that scanning tools cannot detect or report on! This talk will show some real-world examples of client-side security and the failures they introduced. Business logic flaws such as the MacWorld Expo Platinum Pass will be examined in depth.

Bio: Kurt Grutzmacher has been performing penetration testing for a "very large financial institution" for nearly a decade and recently moved to a "very large utility company" to start their internal testing program. For two years in a row he has exposed the methods required to obtain free Platinum Passes to MacWorld and is hoping they'll get it right the third time; he's tired of explaining it to them. Kurt contributes to the Metasploit project occasionally and is currently working on enhancing the project's support for NTLM in web-based attacks. He also randomly blogs at http://grutztopia.jingojango.net/ -- very randomly.

NTLM attacks and countermeasures

Presented by: Eric Rachner

Abstract: Coming soon.

Bio: Coming soon.

Please RSVP by responding to this email or visit http://owaspfeb2008.eventbrite.com

Special thanks to Robert Half International for hosting this event and to Cenzic for sponsoring.