
Difference between revisions of "Bay Area"

Changes at line 13. The two columns of the wiki diff (previous revision on the left, new revision on the right) are shown here one after the other.

Previous revision (content removed by this edit):

==Agenda==
   6:00pm - 6:30pm ... Check-in and Reception (food & beverages)
   6:30pm - 7:15pm ... '''Your Client-Side Security Sucks. Stop Using It.''' - Kurt Grutzmacher
   7:15pm - 8:00pm ... '''NTLM attacks and countermeasures''' - Eric Rachner
   8:00pm - 8:30pm ... Networking Session

==Speakers==

'''Your Client-Side Security Sucks. Stop Using It.''' - [https://www.owasp.org/index.php/Image:Your_Client_Security_Sucks_-_OWASP.pdf slides]

Presented by: Kurt Grutzmacher

Abstract: Browser-based security has been used for many years to 'protect' back-end systems from attack or to enhance the user experience. It should not be your only protection, and it can even open your application to business logic flaws that scanning tools cannot detect or report on. This talk will show real-world examples of client-side security and the failures it introduced. Business logic flaws such as the MacWorld Expo Platinum Pass will be examined in depth.

Bio: Kurt Grutzmacher has been performing penetration testing for a "very large financial institution" for nearly a decade and recently moved to a "very large utility company" to start their internal testing program. For two years in a row he has exposed the methods required to obtain free Platinum Passes to MacWorld and is hoping they'll get it right the third time; he's tired of explaining it to them. Kurt contributes to the Metasploit project occasionally and is currently working on enhancing the project's support for NTLM in web-based attacks. He also randomly blogs at http://grutztopia.jingojango.net/ -- very randomly.

'''NTLM attacks and countermeasures''' - [https://www.owasp.org/index.php/Image:NTLM_Relay_Attacks.pdf slides]

Presented by: Eric Rachner

Abstract: Eric will demonstrate the NTLM relay attack, in which an attacker accesses arbitrary web sites and file shares using the credentials of any user who can be lured into visiting the attacker's web site. Since NTLM is enabled by default as part of the Windows integrated authentication protocol suite, this attack is a potential concern in any enterprise where Windows is widely used. Following the demonstration, we will explore the history and mechanics of the attack, as well as mitigation options.

Bio: Eric Rachner is a security researcher and lead consultant specializing in threat analysis, vulnerability assessment and penetration testing of complex mission-critical applications and systems. Mr. Rachner began his career in IT at Microsoft in 1994. As a senior member of Microsoft's Security Team, Eric led several projects including application penetration testing, code reviews, design reviews and security awareness training for internal application teams throughout Microsoft's global IT organization. In 2005, Eric became an independent security consultant and researcher providing services to large global enterprises in North America and Europe. Away from the office, Eric has many hobbies; he was also a core member of the hacking team that won the prestigious "Capture the Flag" contest at Def Con three years in a row.

==RSVP==

New revision (content added by this edit):

==Agenda==
   1:30 PM - 2:00 PM ... Check-in and registration
   2:00 PM - 2:10 PM ... Overview of the OWASP Bay Area Chapter - Mandeep Khera, Bay Area Chapter Leader
   2:10 PM - 2:55 PM ... Consumerization of enterprises: a security conundrum - Dr. Chenxi Wang, Principal Analyst, Forrester Group
   2:55 PM - 3:40 PM ... Cross-Site Request Forgery: New Attacks and Defenses - Collin Jackson, Ph.D. student, Stanford University
   3:40 PM - 4:00 PM ... Networking Break
   4:00 PM - 4:45 PM ... Google Gadget Security - Tom Stracener, Cenzic
   4:45 PM - 5:30 PM ... How Cybercriminals Steal Money - Neil Daswani, Google

==RSVP==

Revision as of 02:24, 18 June 2008

OWASP Bay Area

Welcome to the Bay Area chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Next Event

Date and Location

  June 25th @ 2PM - Microsoft
  1065 La Avenida St.
  Mountain View, CA 94043
  Conference Room - Galileo

OWASP Bay Area will host its half-day Application Security Summit at the Microsoft facility in Mountain View on Wednesday, June 25th. As usual, attendance is free and food and beverages will be provided. We have some excellent speakers lined up, and it should be an event not to be missed. The event is open to the public. Please forward this invite to your colleagues and friends who are interested in computer and application security.

Special thanks to Microsoft for hosting this event and to Cenzic and AppSec Consulting, Rapid7, and Imperva for sponsoring.

Agenda

  1:30 PM - 2:00 PM ... Check-in and registration
  2:00 PM - 2:10 PM ... Overview of the OWASP Bay Area Chapter - Mandeep Khera, Bay Area Chapter Leader
  2:10 PM - 2:55 PM ... Consumerization of enterprises: a security conundrum - Dr. Chenxi Wang, Principal Analyst, Forrester Group
  2:55 PM - 3:40 PM ... Cross-Site Request Forgery: New Attacks and Defenses - Collin Jackson, Ph.D. student, Stanford University
  3:40 PM - 4:00 PM ... Networking Break
  4:00 PM - 4:45 PM ... Google Gadget Security - Tom Stracener, Cenzic
  4:45 PM - 5:30 PM ... How Cybercriminals Steal Money - Neil Daswani, Google

RSVP

REGISTER EARLY AS SEATING IS LIMITED. Please RSVP at http://owaspbajune2008.eventbrite.com

Bay Area Chapter Leaders

Bay Area Past Events