Bay Area

Revision as of 18:56, 12 August 2014 by MichaelCoates (talk | contribs) (Next Event)

OWASP Bay Area

Welcome to the Bay Area chapter homepage.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Next Event

August 2014 - San Francisco @ Lookout

OWASP Chapter Meeting in San Francisco hosted by Lookout



  • Date: Thursday, Aug 21
  • 5:30-8pm


Lookout, 1 Front St #2700 San Francisco, CA


5:30-6:15 pm - Networking with Drinks & Food
6:15-6:45 : Speaker: Attacking the Internet of Things using Time
7:00-7:30 : Speaker: Cloud Security at Scale and What it Means for Your Application
7:30-8:00 : More food, drink, and security "hallway con"


  • Paul McMillan from Nebula @PaulM - Attacking the Internet of Things using Time
  • Ben Hagen from Netflix @BenHagen - Cloud Security at Scale and What it Means for Your Application

  • Paul McMillan - Attacking the Internet of Things using Time
    • Internet of Things devices are often slow and resource constrained. This makes them the perfect target for network-based timing attacks, which allow an attacker to brute-force credentials one character at a time, rather than guessing the entire string at once. We will discuss how timing attacks work, how to optimize them, and how to handle the many factors which can prevent successful exploitation. We will also demonstrate attacks on at least one popular device. After this presentation, you will have the foundation necessary to attack your own devices, and a set of scripts to help you get started.
    • Paul McMillan is a security engineer at Nebula. He also works on the security teams for several open source projects. When he's not building or breaking the internet, he enjoys cocktails and photography.
  • Ben Hagen - Cloud Security at Scale and What it Means for Your Application
    • Cloud computing is all the rage, but few organizations have really thought about what security means for their applications and networks in cloud-centric deployments. Netflix is amongst the largest users of public cloud resources and consumes roughly 1/3 of all the US’s downstream broadband at peak. This talk will cover the processes used at Netflix to deploy and secure large-scale applications to the Cloud. Netflix has developed a suite of architectures, processes, and tools to make security in the Cloud as elegant as possible... most of these are, or will soon be, Open Sourced. Several tools will be previewed in the talk.
      These systems include:
      • Hundreds of applications; with hundreds of production deployments a day ... all using an “immutable server model”
      • Crazy monkeys that roam the clouds to enforce availability models through random instance homicide
      • OCD fish that swim cloudy waters to make sure firewalls are sane and consistent across the globe
      • Inquisitive penguins automatically assess the risk of an application based upon its codebase and interconnections with other applications
      • ... and many more ...
    • Ben Hagen is likely the only security professional in the world who has won both a presidential election and an Emmy. He loves security and both building and breaking things. Ben currently leads the Security Tools and Operations team at Netflix. During the 2012 US Presidential Election he was in charge of security for the Obama 2012 re-election campaign’s technology program. Prior to this role, he was a Security Consultant with Neohapsis and Motorola, where he had to break into, and then help fix, the computer networks of lots of organizations.

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The 'Bay Area' is the San Francisco Bay Area in California. It includes San Francisco, the large towns across the bay from it such as Berkeley and Oakland, and, south of San Francisco, San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

Become a Presenter

Submit your talk now for an upcoming OWASP Bay Area Chapter Meeting

Link to submit

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

Chapter Meetings

RSS of all public bay area events (it only contains the next event so don't worry if it's empty when you subscribe)

About Presentation Events

Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

  • Informal security chat - the benefits of "hallway con" and security talk with others in the industry
  • Networking - meet other people in the field and industry
  • After work drinks - a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]

Past Events

May 2014 - Redwood City @ Evernote

OWASP Chapter Meeting in Redwood City hosted by Evernote

  • Arshad Noor - CTO, StrongAuth
  • Rich Tener - Director of Security, Evernote

March 2014 - San Francisco @ Stripe

OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014 Hosted by Stripe

Feb 2014 - San Jose @ Jillians

OWASP Developer Training & Social Hour - Monday 2/24/2013 Hosted by OWASP at Jillian's Billiards Club

Feb 2014 - Special Free Training Event

OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

Jan 2014 - San Jose @ F5

OWASP Social Hour in San Jose - Wednesday 1/22/2013 Hosted by F5

Dec 2013 - San Francisco @ Twilio

OWASP Social Hour in San Francisco - Thursday 12/19/2013 Hosted by Twilio

Nov 2013 - San Francisco @ LendingClub

OWASP Social Hour in Mountain View - Wednesday 11/6/13 Hosted by LendingClub

Sept 2013 - Mt View @ Shape Security

OWASP Social Hour in Mountain View - Wednesday 9/25/13 Hosted by Shape Security

July 2013 - Berkeley @ University of Berkeley

OWASP Presentation Meeting

  • An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
  • "Putting Your Robots to Work", Twitter Security Team

Older Events

Bay Area Past Events

Bay Area Chapter Leaders

Stay In Touch