This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Dallas"

From OWASP
Jump to: navigation, search
(Local News)
Line 3: Line 3:
 
<paypal>Dallas Chapter</paypal>
 
<paypal>Dallas Chapter</paypal>
  
 +
 +
'''When:''' Thursday, March 4, 2010 11:30 AM – 1:00 PM
 +
 +
'''Topic: ''' Technology and Business Risk Management: How Application Security Fits In
 +
 +
This presentation demonstrates how important application security is to the
 +
overall stability and security of the infrastructure and the ultimately, the business. Presented from
 +
the Information Security Officer/Risk Manager point of view, it shows how a strong information
 +
security program reduces levels of reputational, operational, legal, and strategic risk by limiting
 +
vulnerabilities, increasing stability, and maintaining customer confidence and trust. It focuses on
 +
the top concerns of risk managers and how application security fits into the overall risk
 +
management process. The audience will be given recommendations on how to improve cost
 +
effectiveness and efficiency to achieve business, security, audit, and compliance objectives
 +
relative to applications.
 +
 +
'''Who:''' Peter Perfetti, IMPACT Security LLC
 +
 +
Mr. Perfetti has been working in information security for fifteen years. He has
 +
been involved in IT Security for the financial services industry for ten years where he has worked
 +
as an Information Security Officer as well as having been responsible for vulnerability and threat
 +
management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager
 +
of Systems Administration and was the Director of IT Risk Management for the National
 +
Basketball Association. He has a broad range of experience in both operations and security. Mr.
 +
Perfetti provided governance and guidance over risk and compliance issues for the Americas
 +
region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities
 +
were primarily to manage the risk for infrastructure related technology and operations. Other
 +
duties included audit, business continuity, investigations, and security operations oversight. Most
 +
recently, he was head of IT Security & Governance at Tygris Commercial Finance. He was
 +
formerly the VP of the NY/NJ Metro Chapter of OWASP and is currently a board member of the
 +
local chapter. He has served on the IT Security Advisory Board for the Technology Manager’s
 +
Forum. Mr. Perfetti’s accomplishments have been discussed in two books on achieving high
 +
performing, stable, and secure infrastructure. Currently Mr. Perfetti operates IMPACT Security
 +
LLC, a private security contractor firm, that specializes in Incident & Audit Response, Prevention,
 +
and Recovery; as well as developing, enhancing, and implementing Security and Risk
 +
Management programs.
 +
 +
'''Where:''' University of Texas at Dallas Campus - Galaxy Room C of the Student Union, 800 W. Campbell Rd., Richardson, TX 75080
 +
 +
'''Parking:''' Park in lot C.  I will send a permit to those who have RSVP'd by Tuesday, March 2nd.  Those who do not have the permit will need to stop at the Visitor Center on University Parkway to pick up a pass. 
 +
 +
'''Cost:''' Always Free
 +
 +
'''Lunch:''' Bring your own lunch or purchase lunch at one of the many fast-food
 +
restaurants located on the top floor of the Student Union.
 +
 +
'''RSVP:''' [mailto:[email protected] [email protected]]  This will help expedite the check-in process.  Thanks.
 +
 +
 +
'''======================================================'''
  
  
Line 36: Line 85:
 
Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.  
 
Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.  
  
'''Where:'''  UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.  
+
'''Where:'''  UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.
 
 
 
 
  
 
==== Chapter Meetings ====
 
==== Chapter Meetings ====

Revision as of 21:51, 25 February 2010

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are Leah Teutsch, Andrea Wendeln and Don McMillian.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Local News

<paypal>Dallas Chapter</paypal>


When: Thursday, March 4, 2010 11:30 AM – 1:00 PM

Topic: Technology and Business Risk Management: How Application Security Fits In

This presentation demonstrates how important application security is to the overall stability and security of the infrastructure and the ultimately, the business. Presented from the Information Security Officer/Risk Manager point of view, it shows how a strong information security program reduces levels of reputational, operational, legal, and strategic risk by limiting vulnerabilities, increasing stability, and maintaining customer confidence and trust. It focuses on the top concerns of risk managers and how application security fits into the overall risk management process. The audience will be given recommendations on how to improve cost effectiveness and efficiency to achieve business, security, audit, and compliance objectives relative to applications.

Who: Peter Perfetti, IMPACT Security LLC

Mr. Perfetti has been working in information security for fifteen years. He has been involved in IT Security for the financial services industry for ten years where he has worked as an Information Security Officer as well as having been responsible for vulnerability and threat management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager of Systems Administration and was the Director of IT Risk Management for the National Basketball Association. He has a broad range of experience in both operations and security. Mr. Perfetti provided governance and guidance over risk and compliance issues for the Americas region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities were primarily to manage the risk for infrastructure related technology and operations. Other duties included audit, business continuity, investigations, and security operations oversight. Most recently, he was head of IT Security & Governance at Tygris Commercial Finance. He was formerly the VP of the NY/NJ Metro Chapter of OWASP and is currently a board member of the local chapter. He has served on the IT Security Advisory Board for the Technology Manager’s Forum. Mr. Perfetti’s accomplishments have been discussed in two books on achieving high performing, stable, and secure infrastructure. Currently Mr. Perfetti operates IMPACT Security LLC, a private security contractor firm, that specializes in Incident & Audit Response, Prevention, and Recovery; as well as developing, enhancing, and implementing Security and Risk Management programs.

Where: University of Texas at Dallas Campus - Galaxy Room C of the Student Union, 800 W. Campbell Rd., Richardson, TX 75080

Parking: Park in lot C. I will send a permit to those who have RSVP'd by Tuesday, March 2nd. Those who do not have the permit will need to stop at the Visitor Center on University Parkway to pick up a pass.

Cost: Always Free

Lunch: Bring your own lunch or purchase lunch at one of the many fast-food restaurants located on the top floor of the Student Union.

RSVP: [email protected] This will help expedite the check-in process. Thanks.


======================================================


When: September 15, 2009, 11:30am - 1:30pm

Topic: Detective Work for Testers. Finding Workflow-based Defects.

Workflow-based security defects in Web applications are especially difficult to identify because they evade traditional, point-and-scan vulnerability detection techniques. Understanding these potential defects and why black-box scanners typically miss them, are key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that testers play in assessing application work flows and how business process-based testing techniques can uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities-business process logic vulnerabilities and parameter-based vulnerabilities-and provides you with a sound basis to improve your testing strategies. Become a security testing sleuth and learn to find the workflow-based security defects before your system is compromised.

Who: Rafal Los, Sr. Web Security Specialist, HP Software

Senior Security Specialist with Hewlett-Packard’s Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.

Where: The First American Co, 1 First American Way, Westlake, TX 76262 (@15 min from DFW Airport)

Parking: Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor’s Parking Pass. Once parked, proceed to Building 5 for your Visitor Badge. See Map for Directions. Link to Directions.

Cost: Always Free

Lunch: Bring your own lunch or purchase lunch at the First American Café in Building 7.

RSVP: [email protected] This will help expedite the check-in process. Thanks.


======================================================

When: Dallas February 25, 2009 11:30am – 1:30pm

Topic: Vulnerability Management in an Application Security World. Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Who: Dan Cornell, Principal, Denim Group Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.

Where: UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.

Chapter Meetings

Dallas OWASP Chapter: February 2009 Meeting

Topic: "Vulnerability Management in an Application Security World."

Presenter: Dan Cornell, Principal, Denim Group

Date: February 25, 2009 11:30am – 1:30pm

Location: UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.

Abstract:

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Presenter Bio:

Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.


Dallas_OWASP_Flyer.pdf‎

Dallas OWASP Chapter Leaders

The chapter leaders are Leah Teutsch, Andrea Wendeln and Don McMillian.