Difference between revisions of "Houston"

(RSVP)
m
 
(86 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Houston|extra=The chapter Leaders are; [mailto:joseph.konieczka@owasp.org Joseph Konieczka], [mailto:landon.mayo@owasp.org Landon Mayo], [mailto:[email protected] Patrick Snyder], [mailto:[email protected] Paul Scott], [mailto:t.[email protected] Tyler Borland], [mailto:[email protected] Tom Cline], [mailto:[email protected] Johnathan Kuskos]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-houston|emailarchives=http://lists.owasp.org/pipermail/owasp-houston}}
+
{{Chapter Template|chaptername=Houston|extra=The chapter leaders are [mailto:ryan.tierney@owasp.org Ryan Tierney] and [mailto:benjamin.loula@owasp.org Benjamin Loula].
 +
|meetupurl=https://www.meetup.com/OWASP-Houston-Texas-Chapter/|region=United States}}
 +
 
 +
== Local News ==
 +
<br/>
 +
'''Everyone is welcome to join us at our chapter meetings.'''
 +
<br/>
 +
<br/>
  
 
=Upcoming Events=
 
=Upcoming Events=
=====OWASP Houston July Chapter Meeting=====
 
=====Monday July 18, 2016 at 6:30PM=====
 
  
We will be meeting at the NetIQ offices from 6:30-8:30PM on Monday July 18, 2016. 515 Post Oak Blvd, Houston, TX 77027
+
==2019==
 +
===OWASP Houston December Chapter Meeting===
 +
 
 +
'''When:''' TBD
 +
 
 +
'''Where:''' TBD
 +
 
 +
'''Time:''' TBD
 +
 
 +
=Past Events=
 +
==2019==
 +
===OWASP Houston October Chapter Meeting===
 +
'''When:''' Thursday, October 24, 2019
 +
 
 +
'''Where:''' 1001 Fannin Street, Suite 4550 Houston, TX 77002
 +
 +
'''Time:''' 6pm - 8pm
 +
 
 +
'''Speaker:''' Dan Crowley
 +
 
 +
<blockquote>
 +
Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.
 +
</blockquote>
 +
 
 +
'''Title:''' Windows File Pseudonyms: Ten Years Later, Where are We?
 +
 
 +
<blockquote>
 +
This talk is a revisiting of techniques and oddities related to how Windows handles file names and paths, and a discussion of what works, or doesn't, on Windows 10.
 +
</blockquote>
 +
 
 +
'''Speaker:''' Travis Horvath
 +
<blockquote>
 +
Travis is a reformed systems administrator and network analyst turned hacker. He enjoys collecting reverse shells and long lists of hashed passwords. When he’s not trying to find your mother’s maiden name, first pet, and street you grew up on, he’s tinkering with a 3D printer or quadcopter. During his time as an infosec consultant, he’s appended several letters to his title including “OSCP”, “OSWP”, and “CREST”.</blockquote>
 +
 
 +
'''Title:''' The New Hotness: A briefing and demo of HTTP Request Smuggling
 +
 
 +
<blockquote>
 +
A brief on the “new” HTTP desynchronization attack dubbed “HTTP Request Smuggling”, released by James Kettle at DEF CON and Black Hat this year. We will break down and demo the attack, detail what it is, how to test for it, and how to defend against it.</blockquote>
 +
 
 +
'''Sponsor:''' Experis
 +
===OWASP Houston September Chapter Meeting===
 +
'''When:''' Thursday, September 26, 2019
 +
 
 +
'''Where:''' Flying Saucer Draught Emporium 705 Main St, Houston, TX 77002
  
Building security requires the list of attendees with their full names by the Friday prior to the meeting, so please sign up by the Thursday before the meeting. https://www.eventbrite.com/e/owasp-houston-chapter-meeting-july-18-2016-tickets-26305959834
+
'''Time:''' 6pm - 8pm
  
Michael F. Angelo, CRISC, CISSP | Chief Security Architect at Micro Focus | NetIQ Corporation will go over Threat Modeling basics and philosophy as well as some of the tools that he uses.
+
'''Description:''' In September, our sponsor Experis will be helping us host a chapter meeting. This will be a happy hour event where we would like to meet our chapter members and get to know them a bit. This event will also be a chance for any of you to express the direction you would like to see the chapter go in.
  
We are still lining up speakers for the rest of the year, but have confirmed the meeting date and location for the next few months, so you can block out your calendars. We will be meeting at the NetIQ office on these Monday nights: 7/18/2016, 8/22/2016, 9/19/2016, and 10/17/2016. July, September, and October are all on the third Monday but in August we will need to meet on the fourth Monday night.
+
'''Sponsor:''' Experis
  
 +
===OWASP Houston March Chapter Meeting===
  
=Past Events=
+
'''When:''' Wed, March 20, 2019 7 PM – whenever we are done
=====OWASP Houston June Chapter Meeting=====
+
 
=====Monday June 20, 2016 at 6:30PM=====
+
'''Where:''' The Local Pour, The Woodlands, TX 77381
 +
 
 +
'''Description:''' This month we will be joining with the Woodlands Hackers Association to socialize. We will be in the glass room right inside the entrance. Wooha will be sponsoring this event by providing us a shared venue. After the regular WooHa meetup we will be socializing and would like to introduce ourselves and get to meet others in the chapter.
 +
 
 +
'''Note:''' This will not be a permanent location. We are still getting the chapter up and going and trying to finalize locations for events.
 +
 
 +
==2018==
 +
 
 +
===Owasp Houston April Chapter Meeting===
 +
 
 +
'''When:''' Wed, April 25, 2018 6:30 PM – 8:30 PM
 +
 
 +
'''Where:''' PROS 3100 Main 2nd floor, Room B Houston, TX 77002
 +
 
 +
'''Speaker:''' Mahesh Babu, Head of Product Strategy, Contrast Security
 +
<blockquote>Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs as a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.</blockquote>
 +
 
 +
'''Title:''' A phased approach to building security automation into your CI/CD
 +
<blockquote> So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues and shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Wed, February 28, 2018 6:30 PM – 8:30 PM
 +
 
 +
'''Where:''' PROS 3100 Main 2nd floor, Room B Houston, TX 77002
 +
 
 +
'''Speaker:''' Houston Java Users Group
 +
 
 +
'''Title:''' App Security Really Will Make You Money!
 +
<blockquote> When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.</blockquote>
 +
 
 +
'''Sponsor:''' Checkmarx <br><br>
 +
[[#Listing of Past Events|Back to Top]]
  
We will be meeting at the NetIQ offices from 6:30-8:30PM on Monday June 20, 2016 to restart the chapter.
+
==2017==
 +
===Owasp Houston July Chapter Meeting===
 +
'''When:''' Tuesday July, 2017 at 6:30 PM
  
Meeting Agenda:
+
'''Where:''' NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027
  
1. Introductions of all attendees to gain a solid understanding of backgrounds, interests, and what people would like to learn about.
+
'''Speaker:''' Greg Anderson
 +
<blockquote>Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg</blockquote>
  
2. Upcoming security related conferences - LASCON in Austin, Cyber Texas in San Antonio
+
'''Title:''' Making Vulnerability Management Less Painful with OWASP DefectDojo
 +
<blockquote> DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.</blockquote>
  
3. Major OWASP Projects that have been updated recently or currently being worked on: OWASP Top 10 - 2016 Data Call discussion question review. Proactive Controls, ASVS 3, Developer Guide reboot, OpenSAMM, WAFEC updates, OWASP Testing Guide, WebGoat 7
+
[[#Listing of Past Events|Back to Top]]
  
4. Discussion about possible study groups that we want to start having. For example, CISSP or CSSLP certification preparation, Hacking-Live CD interactive sessions. OWASP ZAP workshop (leveraging bodgeit, WebGoat, and Security Shepherd), other books or projects people would like to pursue.
+
===Owasp Houston May Chapter Meeting===
 +
'''When:''' Tuesday May 23, 2017 at 6:00PM
  
5. Topics that people would like to see discussed at the next meeting and how often they would like to meet. Ideally, we could meet once a month for the normal meeting and then at least twice a month for study groups. This has been very successful for the Austin chapter.
+
'''Where:''' Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003
  
=====OWASP Houston Metasploit Workshop=====
+
'''Title:''' General Discussions and Networking
=====February 20th 2014 at 6PM=====
+
<blockquote>Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about:<br>
Greetings,
+
* OWASP Projects and events
 +
* Proposed topics for next meetings
 +
* Suggestions for becoming better involved in both the application development and security initiatives
 +
* Open discussion of current trends
 +
</blockquote>
 +
'''Agenda:'''
 +
<blockquote>
 +
* 6:00 PM: Networking
 +
* 6:30 PM: Start of discussion
 +
* 8:00 PM Wrap-up and head home
 +
</blockquote>
 +
[[#Listing of Past Events|Back to Top]]
  
We have a new venue sponsored by TXRX Labs. If you haven't been to TXRX Labs, it's a 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC and host recreational programming events. They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.
+
===Owasp Houston January Chapter Meeting===
 +
'''When:''' Sunday, January 8, 2017 6:00 PM to 9:00 PM
  
Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado (@DennisMald).
+
'''Where:''' Poison Girl 1641 Westheimer · Houston, TX
  
Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.
+
'''Title:'''  New Year Kick-off
 +
<blockquote>We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.
 +
</blockquote>
  
Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.
+
'''Sponsor:''' Alertlogic
If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts.
 
  
Reception 6PM-7PM
+
[[#Listing of Past Events|Back to Top]]
  
Presentation 7PM-8PM
+
==2016==
 +
'''N/A'''
 +
==2015==
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 26, 2015 6:00 PM to 9:00 PM
  
Questions/Audience Participation 8PM-9PM
+
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
We will update this event to include more details as we confirm them.
 
  
TXRX Labs
+
'''Title:'''  Happy Hour
205 Roberts St, Houston, TX
+
<blockquote>Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up what better way to reconnect with your AppSec friends than one of our Happy Hours.
 +
</blockquote>
  
www.txrxlabs.org
+
[[#Listing of Past Events|Back to Top]]
  
RSVP at http://www.meetup.com/OWASP-Houston/events/163900402/
+
==2014==
 +
===Owasp Houston December Chapter Meeting===
 +
'''When:''' Wednesday, December 17, 2014 6:00 PM to 9:00 PM
  
Thank you,
+
'''Where:''' The Original OKRA Charity Saloon 924 Congress St · Houston, TX
  
OWASP Houston  
+
'''Title:'''  Happy Hour
 +
<blockquote>Season's greetings Houston,<br>
  
=====OWASP Houston August Mini-Con=====
+
We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership.
=====Thursday, August 15, 2013 at 6:00 PM=====
 
 
<br>
 
<br>
You Hear Me Now? Leveraging Mobile Devices on Pentests
+
When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston April Chapter Meeting===
 +
'''When:''' Thursday, April 10, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' The Westin Galleria Houston 5060 West Alabama Street · Houston, TX
 +
 
 +
'''Title:''' Owasp Houston Mini-Con
 +
<blockquote>Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.
 
<br>
 
<br>
Sheraton Suites Houston Galleria
+
https://owasp-houston-april-mini-con.eventbrite.com
2400 West Loop S, Houston, TX
+
<br><br>
 +
This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in.
 
<br>
 
<br>
[http://www.meetup.com/OWASP-Houston/events/128410642/ Details]
+
Reception begins at 6:00PM. Our speakers at this event included Adam Pridgen and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM.
 
<br>
 
<br>
 +
We may have a late announcement on a third speaker.
 +
</blockquote>
 +
 +
'''Speaker:''' Tyler Borland
 +
<blockquote>The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize(), has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit.
 
<br>
 
<br>
 +
Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!</blockquote>
  
=====OWASP Houston September Happy Hour=====
+
'''Speaker:''' Adam Pridgen
=====Thursday, September 19, 2013 at 6:00 PM=====
+
<blockquote>The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. These features include Java class file analysis and Java SSA extraction feature. This talk will utilize the Python scripting language primarily for dynamic analysis, but the examples used in the talk should be easily transferable into the other scripting languages.
 
<br>
 
<br>
Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.
+
Adam is an independent information security consultant, who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in the U.S. Army as an Infantryman after which he went on to complete a B.S. in Electrical Engineering and an M.S. in Engineering at the University of Texas. Prior to returning to graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics including code reviews, threat modeling, and software penetration testing. Additionally, he has also presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings.</blockquote>
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 13, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:'''  Happy Hour
 +
<blockquote>We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.
 +
 
 +
Join us in discussing application security and recent security related news over Texas brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.
 +
</blockquote>
 +
 
 +
'''Sponsors:''' White Hat Security & Alertlogic
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Thursday, February 20, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' TXRX Labs 205 Roberts St · Houston, TX
 +
 
 +
'''Title:'''  Metasploit Workshop
 +
<blockquote>We have a new venue sponsored by TXRX Labs (http://txrxlabs.org). If you haven't been to TXRX Labs, it's a 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC (http://txrxlabs.org/classes/intro-to-linuxcnc-fall-2013_172/) and host recreational programming events. (http://txrxlabs.org/event/348/recreational-computer-programming-group/) They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.
 
<br>
 
<br>
[http://www.meetup.com/OWASP-Houston/events/128411262 Details]
+
Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado (@DennisMald).
 
<br>
 
<br>
 +
Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.
 
<br>
 
<br>
 +
If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (Currently 1.0.6, any architecture)
 +
</blockquote>
  
=====OWASP Houston October Workshop=====
+
'''Workshop Host:''' Dennis Maldonado
=====Thursday, October 17, 2013=====
+
<blockquote>Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.</blockquote>
 +
 
 +
'''Agenda'''
 +
<blockquote>
 +
* Reception 6PM-7PM
 +
* Presentation 7PM-8PM
 +
* Questions/Audience Participation 8PM-9PM
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2013==
 +
===Owasp Houston November Chapter Meeting===
 +
'''When:''' Thursday, November 14, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX
 +
 
 +
'''Title:''' Mini-Con
 +
<blockquote>Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.
 
<br>
 
<br>
1706 Yorktown St, Houston, TX
+
Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will be starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM.
Please join us for another OWASP Houston workshop. This will be a hands on exercise in security topics.
 
 
<br>
 
<br>
[http://www.meetup.com/OWASP-Houston/events/128411572/ Details]
+
This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year.
<br>
 
<br>
 
<br>
 
=====OWASP Houston November Mini-Con=====
 
=====Friday, November 15, 2013=====
 
<br>
 
Sheraton Suites Houston Galleria
 
2400 West Loop S, Houston, TX
 
<br>
 
More details will be added. This will be the last meeting of the 2013 year for OWASP Houston. We will not be meeting in December.
 
<br>
 
[http://www.meetup.com/OWASP-Houston/events/128412212/ Details]
 
 
<br>
 
<br>
 +
To find out about future events, sign up for our meetup group. (http://www.meetup.com/OWASP-Houston/)
 +
</blockquote>
 +
 +
'''Speaker:''' Johnathan Kuskos
 +
<blockquote>Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized "Whitehat" lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy.</blockquote>
 +
 +
'''Title:''' WAF bypassing, breaking client-side validation, and advanced SQL injection obfuscation
 +
<blockquote>The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings "as is". Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAFs can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester.</blockquote>
 +
 +
'''Speaker:''' Daniel Buentello
 +
 +
'''Title:''' Weaponizing your Coffee Pot
 +
<blockquote>As SoC prices continue to drop and their implementation continues to rise, connected "appliances" (Internet of Things) will become an attractive avenue for cybercriminals. Because they provide no traditional feedback (monitor) or input (mouse/keyboard), if one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. The end goal is to take over the host without breaking designed functionality (stealthy), being able to run third-party binaries at the start (lethal), and surviving basic removal techniques (persistent), aka weaponizing.</blockquote>
 +
 +
'''Sponsors:'''
 +
* HP
 +
* Accuvant
 +
* Barracuda
 +
* Alert Logic
 +
* cPanel
 +
 +
[[#Listing of Past Events|Back to Top]]
 +
 +
===Owasp Houston October Chapter Meeting===
 +
'''When:''' Thursday, October 17, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' 1776 Yorktown 1776 Yorktown Street Houston, TX
 +
 +
'''Title:''' Oktoberfest Workshop
 +
<blockquote>
 +
Please join us for another OWASP Houston workshop. Stuart Dunsmore (GCIA, GREM) will be leading a lesson on reverse engineering of malware by dissecting some malware that was caught as part of an email campaign. Additionally, Mukul Gupta (PhD, GCIA, GWEB, CISSP, CISA, CAP) will be providing some crypto challenges. Join us to use your brain and a command line to solve puzzles for prizes.
 +
</blockquote>
 +
 +
'''Agenda'''
 +
<blockquote>Food, drinks, and crypto puzzles served from 6:00-8:??, Stuart will speak from 6:30 to 7:15. From 7:15 attendees may work through some of his lesson on their own and ask Stuart questions. Real malware samples will be provided. If you intend on participating please bring a computer with a virtual machine ready to go with an Evaluation copy of IDA pro.</blockquote>
 +
 +
'''Sponsors:'''  Karbach Brewery
 +
 +
[[#Listing of Past Events|Back to Top]]
 +
 +
===Owasp Houston September Chapter Meeting===
 +
'''When:''' Thursday, September 19, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 +
'''Title:'''  Happy Hour
 +
<blockquote>
 +
Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.
 +
</blockquote>
 +
 +
[[#Listing of Past Events|Back to Top]]
 +
 +
===Owasp Houston August Chapter Meeting===
 +
'''When:''' Thursday, August 15, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX
 +
 +
'''Title:''' Mini-Con
 +
<blockquote>
 +
Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. (http://august-mini-con.eventbrite.com) Registration will be open July 29th at 10AM.
 +
</blockquote>
 +
 +
'''Speaker:''' Georgia Weidman
 +
<blockquote>Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.
 
<br>
 
<br>
 +
Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.</blockquote>
 +
 +
'''Title:''' Can You Hear Me Now? Leveraging Mobile Devices on Pentests
 +
<blockquote>BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and, if they do, to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermine these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out of band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.</blockquote>
 +
 +
'''Speaker:''' Clint Pollock
 +
<blockquote>Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.</blockquote>
 +
 +
'''Title:''' Tips for Building a Successful Application Security Program
 +
<blockquote>Application Vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.
 +
</blockquote>
 +
 +
[[#Listing of Past Events|Back to Top]]
  
=====OWASP Houston February Mini-Con=====
+
===Owasp Houston July Chapter Meeting===
=====Thursday, February 21, 2013 at 6PM CST=====
+
'''When:''' Thursday, July 18, 2013 6:00 PM to 9:00 PM<br>
<br>
+
'''Where:''' 1706 Yorktown St 1706 Yorktown St Houston, Tx
Please join us for our May Mini-Con, 6PM May 16th, at the Sheraton Suites, 2400 W. Loop South, Houston, Texas 77027. We're trying a new location this time. This is a free event, but space is limited. We will be providing food and beverage. Please register for a ticket to confirm your space at the event. If tickets are unavailable, we will have some standing room.
 
<br>
 
We are pleased to annnounce the speakers and topics of the evening...
 
<br>
 
Catching Flies with Mr Miyagi: Web Application Testing Techniques by Kevin Johnson
 
<br>
 
In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques.  Stop being the kid moved from NJ and dropped into a cruddy apartment.  Learn the wax on/off of testing modern web applications.
 
<br>
 
Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.
 
<br>
 
WTF, WAF Testing Framework by Terry Ray
 
<br>
 
Terry Ray will be presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. The methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. He will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.
 
<br>
 
When and Where?
 
<br>
 
Thursday, May 16th from 6PM-9PM
 
<br>
 
Sheraton Suites
 
<br>
 
2400 W. Loop South
 
<br>
 
Houston, Texas 77027
 
<br>
 
For Directions: (713) 586-2444
 
<br>
 
Seating is limited, so please read these directions carefully:
 
RSVP'ing on meetup.com will not guarantee entry to the event.  This is a limited capacity event.  If you would like to guarantee the availability of a seat please reserve a ticket with Eventbrite @ [https://owasp-houston-may-mini-con.eventbrite.com Reserve a Ticket]
 
<br>
 
<br>
 
  
=====OWASP Houston March Happy Hour=====
+
'''Title:''' July Workshop
=====Thursday, March 14, 2013 at 6PM CST=====
+
<blockquote>
Sponsors:<br>
+
If you've been in application security for more than a day, you've probably heard about SQL injection. However, code injection flaws span a wide range of issues and are SQL is not unique in its susceptibility to injection attacks. In this class, we'll learn about another query language called XPath and discover how it, too, can be susceptible to injection attacks. Using the "XMLmao" testbed from the Magical Code Injection Rainbow suite, attendees will learn hands-on how to perform XPath injection attacks.
[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]<br>
 
[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]<br>
 
<br>
 
Please join us for an OWASP Houston March Happy Hour.
 
<br>
 
More details coming soon.
 
<br>
 
'''When:''' Thursday, March 14, 2013 at 6PM CST
 
<br>
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
 
<br>
 
'''Phone:''' (713) 533-1199
 
<br>
 
<br>
 
 
<br>
 
<br>
 +
We will also have a copy of the testbed running on some virtual machines for everyone to test out after the workshop.
 +
</blockquote>
 +
'''Workshop Host:''' Daniel Crowley
 +
<blockquote>Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE.</blockquote>
  
=====OWASP Houston February Mini Con=====
+
[[#Listing of Past Events|Back to Top]]
=====Thursday, February 21st, 2013 at 6PM CST=====
 
Sponsors:<br>
 
[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]<br>
 
[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]<br>
 
<br>
 
Please join us for an OWASP Houston March Happy Hour.
 
<br>
 
More details coming soon.
 
<br>
 
'''When:''' Thursday, February 21st, 2013 at 6PM CST
 
<br>
 
'''Where:''' Westin Galleria, Imperial Suite
 
<br>
 
<br>
 
<br>
 
  
===OWASP Houston January Workshop===
+
===Owasp Houston June Chapter Meeting===
===Thursday, January 31st at 6PM===
+
'''When:''' Thursday, June 27, 2013 6:00 PM to 9:00 PM<br>
Sponsored by: Imperva and AlertLogic
+
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
<br>
 
Join us for an OWASP Houston Workshop.  During this workshop, attendees will be lead through the process of discovering and reporting vulnerabilities.  We will start by reviewing source code for common vulnerabilities.  Once we identify interesting code, we will test the application to confirm our findings.  Finally, we will discuss reporting.  If you would like to participate please bring your laptop.  You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. We will have members helping with virtual machine configurations and assistance.  If you just want to watch, that's fine too.  We look forward to your attendance.
 
<br>
 
'''Sponsored by:''' Imperva, Alert Logic
 
<br>
 
'''When:''' January 31st 2013 (Thursday 6PM - 8PM)
 
<br>
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
 
<br>
 
'''Phone:''' (713) 533-1199
 
  
<br>
+
'''Title:''' Happy Hour
<br>
+
<blockquote>Please join us next Thursday, June 27th. OWASP Houston will be are hosting a happy hour at Stag's Head pub starting at 6PM. I encourage you to come and participate in a discussion on possible OWASP projects that OWASP Houston community can get engaged with. We feel, as a chapter, we should be involved with at least one OWASP project. Please join us discuss how you can participate.
===OWASP Houston Kick-Off Meeting (Nov. 19th)===
+
</blockquote>
We'll be reviewing survey results and trying to finalize some details like when and where to hold our meetings. If you want to get involved with OWASP Houston now is the time.
 
<br>
 
'''Sponsored by:''' Imperva, Alert Logic
 
<br>
 
'''When:''' November 19th 2012 (Monday 6PM - 8PM)
 
<br>
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
 
<br>
 
'''Phone:''' (713) 533-1199
 
  
=Sponsors=
+
[[#Listing of Past Events|Back to Top]]
'''[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]'''
 
<br>
 
<br>
 
'''[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]'''
 
<br>
 
<br>
 
'''[https://www.solidborder.com Solid Border | Network Security Reseller]'''
 
<br>
 
<br>
 
'''[https://barracuda.com Barracuda Networks]'''
 
<br>
 
<br>
 
'''[http://www.stachliu.com/ Stach & Liu]'''
 
<br>
 
<br>
 
'''[https://netflix.com Netflix - Watch TV Shows Online, Watch Movies Online]'''
 
<br>
 
<br>
 
'''[https://secureideas.com/ Secure Ideas -- Professionally Evil]'''
 
<br>
 
<br>
 
<br>
 
<br>
 
  
 +
===Owasp Houston May Chapter Meeting===
 +
'''When:''' Thursday, May 16, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S · Houston, TX
  
 +
'''Title:''' Mini-Con
 +
<blockquote>
 +
Reserve a ticket on eventbrite for entry<br>
 +
https://owasp-houston-may-mini-con.eventbrite.com/<br>
 +
RSVP does not guarantee entry.We will be opening eventbrite shortly<br>
 +
We're trying a new venue in the Galleria Area. Please join us in the Galleria area at the Sheraton Suites, 2400 West Loop South.
 +
</blockquote>
  
=RSVP=
+
'''Speaker:''' Kevin Johnson
===RSVP===
+
<blockquote>Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.</blockquote>
<hr>
 
Please RSVP via the Eventbrite link listed for the event you'd like to attend.
 
  
 +
'''Title:''' Catching Flies with Mr Miyagi: Web Application Testing Techniques
 +
<blockquote>In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications.</blockquote>
  
 +
'''Speaker:''' Terry Ray
  
 +
'''Title:''' WTF, WAF Testing Framework
 +
<blockquote>Presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.</blockquote>
  
 +
'''Sponsors:'''
 +
* Alert Logic
 +
* Barracuda
 +
* cPanel
 +
* Imperva
  
 +
[[#Listing of Past Events|Back to Top]]
  
 +
===Owasp Houston April Chapter Meeting===
 +
'''When:''' Thursday, April 18, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
  
 +
'''Title:''' 
 +
<blockquote>
 +
This event was originally intended to be a workshop. But, our speaker for this event fell through.
 
<br>
 
<br>
 +
We will still have an informal meeting at Stag's Head for some adult beverages on April 18th at 6PM. If you want to have conversations about security topics and upcoming OWASP Houston plans please stop by.
 
<br>
 
<br>
 +
Unlike usual, we will not be using the private room. We'll be in the general area. Look for people with laptops and backpacks.
 +
</blockquote>
  
=Sponsorship Opportunities=
+
[[#Listing of Past Events|Back to Top]]
==Sponsorship Opportunities==
 
We're always looking for sponsors to help us provide the highest quality experience for our attendees. For sponsoring OWASP Houston we will list your name on our site, mention your sponsorship in all announcements on the mailing list, send us a banner and we'll hang it at the event, and send you some pictures. If you'd like to send someone to attend the event we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event consider sponsoring a few from the 2013 series.
 
  
==Opportunity #0 - Workshops==
+
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 14, 2013 6:00 PM to 8:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
  
We will have four workshops in 2013. These will be meetings dedicated to hands on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or mini-ctf. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 dollar commitment. For $2,000 dollars you can sponsor every workshop of 2013.
+
'''Title:''' Happy Hour
 +
<blockquote>
 +
Please join us 6PM Thursday March 14th at Stag's Head for an OWASP Houston Happy Hour. We will provide beer, food, and conversations with security professionals. The lock picking table will also be present at this event, and we will be giving out prizes for challenge winners.
 +
<br>
 +
Stag's Head - 6PM Thursday March 14th
 +
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
  
==Opportunity #1 - Happy Hour Meeting==
+
</blockquote>
  
We will have three happy hour meetings in 2013. These will be social meetings where attendees build a local security community. We estimating the need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else. We will have three of these types of meetings in 2013 so you can sponsor all of them for just $1,500. On months where we have a formal meeting we will not hold an informal meetup.
+
'''Sponsors:''' Alertlogic & Imperva
  
==Opportunity #2 - Formal Presentation Meeting==
+
[[#Listing of Past Events|Back to Top]]
  
At our quarterly meetings we will be hosting two quality presenters. Generally we try to pull one presenter from out of state. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses. Consider supporting the Houston OWASP community by sponsoring all of our quarterly meetings for $2,800.
+
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Thursday, February 21, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' The Westin Galleria Houston 5060 West Alabama Street · Houston, TX
  
==Opportunity #3 - OWASP Presenter Sponsorship==
+
'''Title:''' Mini-Con
 +
<blockquote>
 +
Please read these details carefully. RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat please reserve a ticket with eventbrite.
 +
<br>
 +
https://owasp-feb-mini-con.eventbrite.com
 +
<br>
 +
Please join us in the Imperial Suite, located on the 24th floor of the Westin Galleria, on Thursday, February 21st at 6PM for the first OWASP Houston conference-style event of 2013.
 +
<br>
 +
The featured presentation will be delivered by Jason Chan, Cloud Security Architect from Netflix. Jason will be joining us to discuss Netflix approach to application security testing.
 +
</blockquote>
  
Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers traveling expenses may vary but with a $1,200 donation we think we can handle the rest.
+
'''Sponsors:'''
 +
* Barracuda Networks
 +
* Imperva
 +
* Solid Border
 +
* AlertLogic
  
==Opporutnity #4 - Meeting Space==
+
[[#Listing of Past Events|Back to Top]]
  
We currently need funds to secure a stable meeting space for our quarterly presentations and workshops.
+
===Owasp Houston January Chapter Meeting===
 +
'''When:''' Thursday, January 31, 2013 6:00 PM to 8:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
  
==Opportunity #5 - Lock Pick Table==
+
'''Title:''' Workshops
 +
<blockquote>
 +
Join us on Thursday January 31st for an OWASP Houston Workshop. During this workshop attendees will be lead through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for some common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you'd like to participate bring your laptop. You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. If you just want to watch that's fine too.
 +
<br>
 +
Please join us 6PM Thursday January 31st at Stag's Head.
 +
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
 +
</blockquote>
  
We are coordinating a lock picking table at every event. To help us get some new locks and create some mock door setups. For $1,000 bucks you can sponsor the table for a whole year. This opportunity is limited to one company. We'll credit you for it in all promotions, list you as a sponsor on the website.  The whole deal.
+
'''Sponsors:''' Alertlogic & Imperva
  
=Call for Papers=
+
[[#Listing of Past Events|Back to Top]]
==Call for Papers==
 
We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org.
 
  
=Local News=
+
==2012==
==Local News==
+
===Owasp Houston March Chapter Meeting===
Worthwhile information.
+
'''When:''' Monday, November 19, 2012 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' Kick-off Meeting
 +
<blockquote>
 +
Thank you for your interest in OWASP Houston! We're planning a Kick-off meeting Monday November 19th to shape our plans for the 2013 year and we are looking for your participation. Please join us for food and drinks(beer) provided by our sponsor while we review aggregated survey results and finalize plans for our 2013 series of OWASP meetings.
 
<br>
 
<br>
==November 5th 2012==
+
Please join us 6PM Monday November 19th at Stag's Head.
Houston OWASP Chapter has been activated. Please join us in making this a successful security meetup. First meeting to finalize details around 2013 series of meeting has been scheduled for November 19th, 2012. Please fill out the quick five question [http://www.surveymonkey.com/s/RWNWRZX survey] if you have not.
+
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
 +
<br>
 +
We are looking for additional people that are interested in helping OWASP Houston. So if you want to get involved now is the time.
 +
<br>
 +
Even though this is not a formal meeting I do expect some bugs will be discovered during the course of the meeting. So if you want to learn something come early.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
=Training Days=
 +
==Upcoming==
 +
==Past==
 +
 
 +
=Announcements=
 +
<blockquote>The chapter is in the process of obtaining sponsors and venues for meetings.  Check back soon for further announcements</blockquote>
 +
 
 +
=Sponsorship Info=
 +
==We are looking for sponsors==
 +
<blockquote>The Houston chapter is currently looking for sponsors to help us host some of the following events. If you would like more information about sponsoring our chapter, please reach out to [mailto:ryan.tierney@owasp.org Ryan Tierney] or [mailto:benjamin.loula@owasp.org Benjamin Loula].</blockquote>
  
 +
===Event Types===
 +
'''OWASP Houston Chapter Meetings'''
 +
<blockquote>The chapter meetings are the heart of the chapter. We need good content to bring to our members. Also, we need a good space that is welcoming and quiet for those attending to hear. We are looking for sponsors to help provide space and equipment for talks and presentations.</blockquote>
 +
'''OWASP Houston Chapter Happy Hour Sponsorship'''
 +
<blockquote>The chapter is looking for sponsors to help fund happy hours. This opportunity can benefit both the chapter and the sponsor.</blockquote>
 +
'''OWASP Houston Chapter Technical Trainings'''
 +
<blockquote>This chapter is looking to start helping build talent in this geographical area. We need to obtain training space, help setting up equipment, and even getting instructors here in the future.</blockquote>
 +
'''OWASP Houston Chapter Presenter Sponsorships'''
 +
<blockquote>The ability to help top tier presenters to get out to our chapter, we need some help.  This level of sponsorship will do just that.  We need help getting talented presenters to the area.</blockquote>
 +
__NOTOC__ <headertabs></headertabs>
  
__NOTOC__
 
<headertabs/>
 
  
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]
[[Category:Texas]]
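Review bot: The added 2012 entry is headed "Owasp Houston March Chapter Meeting", but its When line gives Monday, November 19, 2012 and its Title is "Kick-off Meeting", so the heading should name November. In the added May Mini-Con entry the abstract says "Kevin John" where the Speaker line says Kevin Johnson. The added July Workshop and June Happy Hour text also contains "are SQL is not unique" and "will be are hosting". The new headings mix "Owasp" and "OWASP", so pick one casing for the whole page.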
 

Latest revision as of 12:45, 31 October 2019

OWASP Houston

Welcome to the Houston chapter homepage. The chapter leaders are Ryan Tierney and Benjamin Loula.

Upcoming Events

Houston Schedule of Events

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Local News


Everyone is welcome to join us at our chapter meetings.

2019

OWASP Houston December Chapter Meeting

When: TBD

Where: TBD

Time: TBD

2019

OWASP Houston October Chapter Meeting

When: Thursday, October 24, 2019

Where: 1001 Fanin Street, Suite 4550 Houston, TX 77002

Time: 6pm - 8pm

Speaker: Dan Crowley

Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.

Title: Windows File Pseudonyms: Ten Years Later, Where are We?

This talk is a revisiting of techniques and oddities related to how Windows handles file names and paths, and a discussion of what works, or doesn't, on Windows 10.

Speaker: Travis Horvath

Travis is a reformed systems administrator and network analyst turned hacker. He enjoys collecting reverse shells and long lists of hashed passwords. When he’s not trying to find your mother’s maiden name, first pet, and street you grew up on, he’s tinkering with a 3D printer or quadcopter. During his time as an infosec consultant, he’s appended several letters to his title including “OSCP”, “OSWP”, and “CREST”.

Title: The New Hotness: A briefing and demo of HTTP Request Smuggling

A brief on the “new” HTTP desynchronization attack dubbed “HTTP Request Smuggling”, released by James Kettle at DEF CON and Black Hat this year. We will break down and demo the attack, detail what it is, how to test for it, and how to defend against it.

Sponsor: Experis

OWASP Houston September Chapter Meeting

When: Thursday, September 26, 2019

Where: Flying Saucer Draught Emporium 705 Main St, Houston, TX 77002

Time: 6pm - 8pm

Description: In September, our sponsor Experis will be helping us host a chapter meeting. This will be a happy hour event where we would like to meet our chapter members and get to know them a bit. This event will also be a chance for any of you to express the direction you would like to see the chapter go in.

Sponsor: Experis

OWASP Houston March Chapter Meeting

When: Wed, March 20, 2019 7 PM – whenever we are done

Where: The Local Pour, The Woodlands, TX 77381

Description: This month we will be joining with the Woodlands Hackers Association to socialize. We will be in the glass room right inside the entrance. WooHa will be sponsoring this event by providing us a shared venue. After the regular WooHa meetup we will be socializing and would like to introduce ourselves and get to meet others in the chapter.

Note: This will not be a permanent location. We are still getting the chapter up and going and trying to finalize locations for events.

2018

Owasp Houston April Chapter Meeting

When: Wed, April 25, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security

Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs as a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.

Title: A phased approach to building security automation into your CI/CD

So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.


Owasp Houston February Chapter Meeting

When: Wed, February 28, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Houston Java Users Group

Title: App Security Really Will Make You Money!

When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.

Sponsor: Checkmarx


2017

Owasp Houston July Chapter Meeting

When: Tuesday July, 2017 at 6:30 PM

Where: NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027

Speaker: Greg Anderson

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.


Owasp Houston May Chapter Meeting

When: Tuesday May 23, 2017 at 6:00PM

Where: Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003

Title: General Discussions and Networking

Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about:
  • OWASP Projects and events
  • Proposed topics for next meetings
  • Suggestions for becoming better involved in both the application development and security initiatives
  • Open discussion of current trends

Agenda:

  • 6:00 PM: Networking
  • 6:30 PM: Start of discussion
  • 8:00 PM: Wrap-up and head home


Owasp Houston January Chapter Meeting

When: Sunday, January 8, 2017 6:00 PM to 9:00 PM

Where: Poison Girl 1641 Westheimer · Houston, TX

Title: New Year Kick-off

We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.

Sponsor: Alertlogic


2016

N/A

2015

Owasp Houston March Chapter Meeting

When: Thursday, March 26, 2015 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up what better way to reconnect with your AppSec friends than one of our Happy Hours.


2014

Owasp Houston December Chapter Meeting

When: Wednesday, December 17, 2014 6:00 PM to 9:00 PM

Where: The Original OKRA Charity Saloon 924 Congress St · Houston, TX

Title: Happy Hour

Season's greetings Houston,

We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership.
When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.


Owasp Houston April Chapter Meeting

When: Thursday, April 10, 2014 6:00 PM to 9:00 PM

Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Owasp Houston Mini-Con

Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through Eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.


https://owasp-houston-april-mini-con.eventbrite.com

This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in.
Reception begins at 6:00PM. Our speakers at this event included Adam Prigden and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM.
We may have a late announcement on a third speaker.

Speaker: Tyler Borland

The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize(), has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit.


Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!

Speaker: Adam Prigden

The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. These features include Java class file analysis and a Java SSA extraction feature. This talk will utilize the Python scripting language primarily for dynamic analysis, but the examples used in the talk should be easily transferable into other scripting languages.


Adam is an independent information security consultant who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in the U.S. Army as an Infantryman, after which he went on to complete a B.S. in Electrical Engineering and an M.S. in Engineering at the University of Texas. Prior to returning to graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics including code reviews, threat modeling, and software penetration testing. Additionally, he has presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings.


OWASP Houston March Chapter Meeting

When: Thursday, March 13, 2014 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.

Join us in discussing application security and recent security related news over Texas brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.

Sponsors: White Hat Security & Alert Logic


OWASP Houston February Chapter Meeting

When: Thursday, February 20, 2014 6:00 PM to 9:00 PM

Where: TXRX Labs 205 Roberts St · Houston, TX

Title: Metasploit Workshop

We have a new venue sponsored by TXRX Labs (http://txrxlabs.org). If you haven't been to TXRX Labs, it's a 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC (http://txrxlabs.org/classes/intro-to-linuxcnc-fall-2013_172/) and host recreational programming events (http://txrxlabs.org/event/348/recreational-computer-programming-group/). They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.


Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado (@DennisMald).
Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.
If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (currently 1.0.6, any architecture).

Workshop Host: Dennis Maldonado

Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.

Agenda

  • Reception 6PM-7PM
  • Presentation 7PM-8PM
  • Questions/Audience Participation 8PM-9PM


2013

OWASP Houston November Chapter Meeting

When: Thursday, November 14, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con

Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through Eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.


Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will be starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM.
This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year.
To find out about future events, sign up for our meetup group. (http://www.meetup.com/OWASP-Houston/)

Speaker: Johnathan Kuskos

Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized "Whitehat" lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy.

Title: WAF bypassing, breaking client-side validation, and advanced SQL injection obfuscation

The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings "as is". Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAFs can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester.

Speaker: Daniel Buentello

Title: Weaponizing your Coffee Pot

As SoC prices continue to drop and their implementation continues to rise, connected “appliances” (Internet of Things) will become an attractive avenue for cybercriminals. Due to the fact that they provide no traditional feedback (monitor) or input (mouse/keyboard), if one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. The end goal is to take over the host without breaking designed functionality (stealthy), being able to run third-party binaries at the start (lethal), and surviving basic removal techniques (persistent), aka weaponizing.

Sponsors:

  • HP
  • Accuvant
  • Barracuda
  • Alert Logic
  • cPanel


OWASP Houston October Chapter Meeting

When: Thursday, October 17, 2013 6:00 PM to 9:00 PM
Where: 1776 Yorktown 1776 Yorktown Street Houston, TX

Title: Oktoberfest Workshop

Please join us for another OWASP Houston workshop. Stuart Dunsmore (GCIA, GREM) will be leading a lesson on reverse engineering of malware by dissecting some malware that was caught as part of an email campaign. Additionally, Mukul Gupta (PhD, GCIA, GWEB, CISSP, CISA, CAP) will be providing some crypto challenges. Join us to use your brain and a command line to solve puzzles for prizes.

Agenda

Food, drinks, and crypto puzzles served from 6:00-8:??. Stuart will speak from 6:30 to 7:15. From 7:15, attendees may work through some of his lesson on their own and ask Stuart questions. Real malware samples will be provided. If you intend on participating, please bring a computer with a virtual machine ready to go with an evaluation copy of IDA Pro.

Sponsors: Karbach Brewery


OWASP Houston September Chapter Meeting

When: Thursday, September 19, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.


OWASP Houston August Chapter Meeting

When: Thursday, August 15, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con

Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. (http://august-mini-con.eventbrite.com) Registration will be open July 29th at 10AM.

Speaker: Georgia Weidman

Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.


Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.

Title: Can You Hear Me Now? Leveraging Mobile Devices on Pentests

BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and, if they do, to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermine these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out of band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.

Speaker: Clint Pollock

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.

Title: Tips for Building a Successful Application Security Program

Application vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.


OWASP Houston July Chapter Meeting

When: Thursday, July 18, 2013 6:00 PM to 9:00 PM
Where: 1706 Yorktown St 1706 Yorktown St Houston, TX

Title: July Workshop

If you've been in application security for more than a day, you've probably heard about SQL injection. However, code injection flaws span a wide range of issues and SQL is not unique in its susceptibility to injection attacks. In this class, we'll learn about another query language called XPath and discover how it, too, can be susceptible to injection attacks. Using the "XMLmao" testbed from the Magical Code Injection Rainbow suite, attendees will learn hands-on how to perform XPath injection attacks.
We will also have a copy of the testbed running on some virtual machines for everyone to test out after the workshop.

Workshop Host: Daniel Crowley

Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE.


OWASP Houston June Chapter Meeting

When: Thursday, June 27, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us next Thursday, June 27th. OWASP Houston will be hosting a happy hour at Stag's Head pub starting at 6PM. I encourage you to come and participate in a discussion on possible OWASP projects that the OWASP Houston community can get engaged with. We feel, as a chapter, we should be involved with at least one OWASP project. Please join us to discuss how you can participate.


OWASP Houston May Chapter Meeting

When: Thursday, May 16, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S · Houston, TX

Title: Mini-Con

Reserve a ticket on Eventbrite for entry:
https://owasp-houston-may-mini-con.eventbrite.com/
RSVP does not guarantee entry. We will be opening Eventbrite shortly.
We're trying a new venue in the Galleria area. Please join us at the Sheraton Suites, 2400 West Loop South.

Speaker: Kevin Johnson

Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.

Title: Catching Flies with Mr Miyagi: Web Application Testing Techniques

In this talk, based loosely around the Karate Kid movies, Kevin Johnson (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications.

Speaker: Terry Ray

Title: WTF, WAF Testing Framework

Presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.

Sponsors:

  • Alert Logic
  • Barracuda
  • cPanel
  • Imperva


OWASP Houston April Chapter Meeting

When: Thursday, April 18, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title:

This event was originally intended to be a workshop. But, our speaker for this event fell through.
We will still have an informal meeting at Stag's Head for some adult beverages on April 18th at 6PM. If you want to have conversations about security topics and upcoming OWASP Houston plans please stop by.
Unlike usual, we will not be using the private room. We'll be in the general area. Look for people with laptops and backpacks.


OWASP Houston March Chapter Meeting

When: Thursday, March 14, 2013 6:00 PM to 8:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us 6PM Thursday March 14th at Stag's Head for an OWASP Houston Happy Hour. We will provide beer, food, and conversations with security professionals. The lock picking table will also be present at this event, and we will be giving out prizes for challenge winners.
Stag's Head - 6PM Thursday March 14th http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alert Logic & Imperva


OWASP Houston February Chapter Meeting

When: Thursday, February 21, 2013 6:00 PM to 9:00 PM
Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Mini-Con

Please read these details carefully. RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat please reserve a ticket with eventbrite.
https://owasp-feb-mini-con.eventbrite.com
Please join us in the Imperial Suite, located on the 24th floor of the Westin Galleria, on Thursday, February 21st at 6PM for the first OWASP Houston conference-style event of 2013.
The featured presentation will be delivered by Jason Chan, Cloud Security Architect from Netflix. Jason will be joining us to discuss Netflix's approach to application security testing.

Sponsors:

  • Barracuda Networks
  • Imperva
  • Solid Border
  • Alert Logic


OWASP Houston January Chapter Meeting

When: Thursday, January 31, 2013 6:00 PM to 8:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Workshops

Join us on Thursday January 31st for an OWASP Houston Workshop. During this workshop attendees will be led through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for some common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you'd like to participate, bring your laptop. You should prepare a virtual machine with Linux, Apache, MySQL, and PHP. If you just want to watch, that's fine too.
Please join us 6PM Thursday January 31st at Stag's Head. http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alert Logic & Imperva


2012

OWASP Houston March Chapter Meeting

When: Monday, November 19, 2012 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Kick-off Meeting

Thank you for your interest in OWASP Houston! We're planning a Kick-off meeting Monday November 19th to shape our plans for the 2013 year and we are looking for your participation. Please join us for food and drinks (beer) provided by our sponsor while we review aggregated survey results and finalize plans for our 2013 series of OWASP meetings.
Please join us 6PM Monday November 19th at Stag's Head. http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby
We are looking for additional people that are interested in helping OWASP Houston. So if you want to get involved now is the time.
Even though this is not a formal meeting I do expect some bugs will be discovered during the course of the meeting. So if you want to learn something come early.


Upcoming

Past

The chapter is in the process of obtaining sponsors and venues for meetings. Check back soon for further announcements.

We are looking for sponsors

The Houston chapter is currently looking for sponsors to help us host some of the following events. If you would like more information about sponsoring our chapter, please reach out to Ryan Tierney or Benjamin Loula.

Event Types

OWASP Houston Chapter Meetings

The chapter meetings are the heart of the chapter. We need good content to bring to our members. Also, we need a good space that is welcoming and quiet for those attending to hear. We are looking for sponsors to help provide space and equipment for talks and presentations.

OWASP Houston Chapter Happy Hour Sponsorship

The chapter is looking for sponsors to help fund happy hours. This opportunity can benefit both the chapter and the sponsor.

OWASP Houston Chapter Technical Trainings

This chapter is looking to start helping build talent in this geographical area. We need to obtain training space, help setting up equipment, and even getting instructors here in the future.

OWASP Houston Chapter Presenter Sponsorships

To help top-tier presenters get out to our chapter, we need some help. This level of sponsorship will do just that. We need help getting talented presenters to the area.