|
|
| (6 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | {{Chapter Template|chaptername=Des Moines|extra=The chapter leader is [mailto:Jason.Braddy@owasp.org Jason Braddy].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Des_Moines|emailarchives=http://lists.owasp.org/pipermail/owasp-Des_Moines}} | + | {{Chapter Template|chaptername=Des Moines|extra=The chapter leaders are [mailto:morgan.mccarley@owasp.org Morgan McCarley] and [mailto:nichole.dugan@owasp.org Nichole Dugan] |
| | + | |meetupurl=https://www.meetup.com/OWASP-Des-Moines-Chapter/|region=United States}} |
| | | | |
| | == Local News == | | == Local News == |
| | + | |
| | + | '''Meeting Location''' |
| | | | |
| | Everyone is welcome to join us at our chapter meetings. | | Everyone is welcome to join us at our chapter meetings. |
| − |
| |
| − | Follow us on Twitter! https://www.twitter.com/owaspDSM
| |
| − |
| |
| − | ==Upcoming Events ==
| |
| − | === Thursday, April 14, 2016 ===
| |
| − | <br/>Location: Gravitate Des Moines (206 6th Ave, 3rd Floor)
| |
| − | <p>
| |
| − | <br/>Joint OWASP DSM / SecDSM Meeting
| |
| − | <br/>We are joining forces with SecDSM for an AppSec-focused meeting.
| |
| − |
| |
| − | </p>
| |
| − | <br/>Presenters: Ben Schmitt and Antoinette Stevens, "Web Development frameworks"
| |
| − | <br/>In recent years, web development has become more accessible for less experienced developers thanks to frameworks. Frameworks provide a simple method to build complex and dynamic websites and applications in a reasonably short amount of time. Many frameworks advertise the idea of ‘built-in security’ as a feature, meaning the framework takes care of protecting the app from vulnerabilities without the developer having to think about it. So, what are framework developers doing to make security a default for the applications that are built on top? This talk will explore ‘built-in security’ in framework development. We’ll look at what guidelines have been set forth when designing a framework that is secure by default and what vulnerabilities often still exists in a framework.
| |
| − |
| |
| − |
| |
| − | <br/>Presenter: David Lindner, "OWASP Mobile Top Ten Security Risks - iOS"
| |
| − | <br/>With over 3.1 million applications in the Apple AppStore and Google Play Store, and more than 7.5 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all play an important role in the overall security posture of a mobile application. Part of being a pen tester of mobile applications is understanding how every security control works and how they all interact. The Open Web Application Security Project (OWASP) has aimed to help organizations understand the most prevalent mobile risks with their released OWASP Mobile Top Ten Risks of 2014. Join Dave as he walks through the Top Ten, provides spot the bug code snippets, and explains the typical vulnerabilities found in doing penetration testing and code review of mobile applications.
| |
| − | <br/>David Lindner is the Director of Mobile and IoT Security at nVisium
| |
| − |
| |
| − | ==Past Events ==
| |
| − |
| |
| − | === Thursday, February 18, 2016 ===
| |
| − | <br/>Location: DHI Group, Inc. Urbandale office
| |
| − | <p>
| |
| − | <br/>OWASP DSM Leadership Round Table
| |
| − | <br/>This is going to be a meeting for anyone willing to help organize events for the Des Moines OWASP chapter in 2016. Please come with ideas for topics, speakers, sponsors, and anything else you think would make the group better. Food and drink will be provided.
| |
| − |
| |
| − | === Tuesday September 23, 2014 ===
| |
| − | <br/>Location: Dice Holdings, Inc. Urbandale office
| |
| − | <br/>Sponsored by [http://www.midamericanenergy.com/ MidAmerican Energy]
| |
| − | <p>
| |
| − | <br/>ZAP ([https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Zed Attack Proxy]) Workshop
| |
| − | <br/>Remote training session by Russ McRee on the use of ZAP, followed by Q&A and a workshop session with local targets. Bring a laptop!
| |
| − | <br/>Russ is Director of Threat Intelligence & Engineering at Microsoft, a handler at the Internet Storm Center, and author of the <em>toolsmith</em> column for the ISSA Journal.
| |
| − |
| |
| − | </p>
| |
| − |
| |
| − | === Wed November 13, 2013 ===
| |
| − | <br/>Location: Meredith Corporation
| |
| − | <br/>Sponsored by [http://www.riverbed.com/products-solutions/products/application-delivery-stingray/ Riverbed Technology - Stingray BU]
| |
| − | <p>
| |
| − | <br/>Presenter: Matthew Sullivan, "Advanced Client-Side Protections"
| |
| − | <br/>Web programmers often cover the web security basics, like implementing anti-XSS and anti-CSRF controls, but often remain unaware of new client-side security directives, like Content Security Policy, HTTP Strict Transport Security, and X-Frame-Origin. This presentation will describe what these three controls do to protect end-users, and what technical challenges an organization might face if they wish to implement these controls in their web applications.
| |
| − | <br/>Matthew is a Security Vulnerability Analyst for WebFilings
| |
| − |
| |
| − | </p>
| |
| − |
| |
| − | <br/>Presenter: Jason Braddy, "Self-Defending Web Infrastructure"
| |
| − | <br/>While it seems clear that security can't effectively be "bolted on" to insecure applications, infrastructure elements still have a role to play in a comprehensive strategy. Thoughtful use of technologies that may already be in place can provide a number of options for improving detection, protection, and response capabilities.
| |
| − | <br/>Jason is a Network Engineer for Dice Holdings, Inc.
| |
| − |
| |
| − |
| |
| − | === Wed August 14, 2013 - '''OWASP Des Moines Inaugural Meeting''' ===
| |
| − |
| |
| − | <br/>Location: Dice Holdings, Inc.
| |
| − | <br/>Sponsored by [https://www.whitehatsec.com White Hat Security]
| |
| − | <p>
| |
| − | <br/>Presenter: Ethan Wilder, "CSRF: Inside the Magic"
| |
| − | <br/>Ethan Wilder is a long time computer security enthusiast with a special interest in web application security. He's currently pursuing a masters degree in Information Assurance from Iowa State University by night and working as a software developer at Farmers Mutual Hail by day.
| |
| − |
| |
| − | </p>
| |
| − |
| |
| | | | |
| | [[Category:OWASP Chapter]] | | [[Category:OWASP Chapter]] |
| − | [[Category:United_States]]
| |
| − | [[Category:Iowa]]
| |
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
