
Difference between revisions of "Houston"

(October 14, 2009 :: CRM Security)
m
 
(210 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Houston|extra=The chapter leaders are Mark Feferman, Paul Dial, Linda Fox and David Nester|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-houston|emailarchives=http://lists.owasp.org/pipermail/owasp-houston}}
+
{{Chapter Template|chaptername=Houston|extra=The chapter leaders are [mailto:[email protected] Ryan Tierney] and [mailto:benjamin.loula@owasp.org Benjamin Loula].
 +
|meetupurl=https://www.meetup.com/OWASP-Houston-Texas-Chapter/|region=United States}}
  
==== Local News ====
+
== Local News ==
 +
<br/>
 +
'''Everyone is welcome to join us at our chapter meetings.'''
 +
<br/>
 +
<br/>
  
The Houston Chapter will focus around Web Application Security issues with discussions on application layer vulnerabilties,  penetration testing, and secure coding practices within the numerous development languages.  Our chapter will meet on the second (2nd) Wednesday of each month and participation in OWASP Houston is free and open to all.  <br><br>Please subscribe to the [http://lists.owasp.org/mailman/listinfo/owasp-houston mailing list] for meeting announcements. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the Houston Chapter, send an email to [mailto:david.nester_at_owasp.org David Nester].
+
=Upcoming Events=
  
<paypal>Houston</paypal><br><br>
+
==2019==
 +
===OWASP Houston December Chapter Meeting===
  
==== Chapter Meetings ====
+
'''When:''' TBD
== October 14, 2009 ::  CRM Security ==
 
  
* February 10th
+
'''Where:''' TBD
* March 10th
 
* April 14th
 
* May 12th
 
* June 9th
 
* July 14th
 
* August 11th
 
* September 8th
 
* October 13th
 
  
 +
'''Time:''' TBD
  
*  [http://owasp.icrew.org/downloads/hccparking.pdf PLEASE download a parking permit for the event].
+
=Past Events=
<br><br><br><br>
+
==2019==
 +
===OWASP Houston October Chapter Meeting===
 +
'''When:''' Thursday, October 24, 2019
  
== Past Presentations ==
+
'''Where:''' 1001 Fanin Street, Suite 4550 Houston, TX 77002
 +
 +
'''Time:''' 6pm - 8pm
  
 +
'''Speaker:''' Dan Crowley
  
 +
<blockquote>
 +
Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.
 +
</blockquote>
  
* '''August 12, 2009 :  "SharePoint Auditing and Penetration Testing'' [http://owasp.icrew.org/downloads/OWASP_ShohnTrojacek.pdf'''Presentation Download'''] <br>Presentation by: Shohn Trojacek'''<br><br>
+
'''Title:''' Windows File Pseudonyms: Ten Years Later, Where are We?
  
* '''July 8, 2009 :  "Embedded System Security'' [http://owasp.icrew.org/downloads/EmbeddedSystemsSecurity.zip'''Presentation Download'''] <br>Presentation by:  Sam Denard'''<br><br>
+
<blockquote>
 +
This talk a revisiting of techniques and oddities related to how Windows handles file names and paths, and a discussion of what works, or doesn't, on Windows 10.
 +
</blockquote>
  
* '''June 10, 2009 : "Web Application Security and PHP.''' [http://owasp.icrew.org/downloads/EricCherian.zip'''Presentation Download'''] <br>Presentation by: Eric Cherian'''<br><br>
+
'''Speaker:''' Travis Horvath
 +
<blockquote>
 +
Travis is a reformed systems administrator and network analyst turned hacker. He enjoys collecting reverse shells and long lists of hashed passwords. When he’s not trying to find your mother’s maiden name, first pet, and street you grew up on, he’s tinkering with a 3D printer or quadcopterDuring his time as an infosec consultant, he’s appended several letters his title including “OSCP”, “OSWP”, and “CREST”.</blockquote>
  
* '''May 13, 2009 (A): "Securing connection strings in the Web.Config and App.Config files for .NET''' [http://owasp.icrew.org/downloads/Fef_Preso.zip'''Presentation Download'''] <br>Presentation by:  Mark Feferman, CISSP'''<br><br>
+
'''Title:''' The New Hotness: A briefing and demo of HTTP Request Smuggling
  
* '''May 13, 2009 (B):  "Stealing the Airlines Online Data''' [http://owasp.icrew.org/downloads/OWASP_Stealing_the_Airlines_Online_Data.pdf'''Presentation Download'''] <br>Presentation by: Quincy Jackson, CISSP'''<br><br>
+
<blockquote>
 +
A brief on the “new” HTTP desynchronization attack dubbed “HTTP Request Smuggling”, released by James Kettle at DEF CON and Black Hat this year. We will break down and demo the attack, detail what it is, how to test for it, and how to defend against it.</blockquote>
  
* '''April 8, 2009: "2009 Statistics Report and ClickJacking''' [http://owasp.icrew.org/downloads/owasp_houston_20090408.pdf'''Presentation Download''']<br>Presentation by David Nester, Director, Solutions Architecture, Whitehat Security. <br><br>
+
'''Sponsor:''' Experis
 +
===OWASP Houston September Chapter Meeting===
 +
'''When:''' Thursday, September 26, 2019
  
* '''August 19, 2008:  "Dirty Dozen" - Truth and facts about PCI DSS''' [http://owasp.icrew.org/downloads/pci_dss_dirty_dozen.pdf'''Presentation Download''']<br>Presentation by Genady Vishnevetsky, CISSP Director, IT Operations and Security. [http://www.paymetric.com/ Paymetric, Inc] <br><br>
+
'''Where:''' Flying Saucer Draught Emporium 705 Main St, Houston, TX 77002
  
* '''June 11, 2008: The OWASP Top 10''' [http://blog.microsoft-j.net/2008/06/12/ContentFromOWASPUserGroup.aspx'''Presentation Download''']<br>Presentation by [http://blog.microsoft-j.net/default.aspx J Sawyer], Developer Evangelist of [http://www.microsoft.com/ Microsoft]<br><br>
+
'''Time:''' 6pm - 8pm
  
* '''November 7, 2007: Black Box versus White Box: Different App Testing Strategies''' [http://owasp.icrew.org/downloads/owasp_houston_20071107.pdf'''Presentation Download''']<br>Presentation by [http://www.denimgroup.com/about_team_john.html John Dickson] of the [http://www.denimgroup.com/ Denim Group].<br><br>
+
'''Description:''' September our sponsor Experis will be helping us host a chapter meeting. This will be a happy hour event where we would like to meet our chapter members and get to know them a bit. This event will also be a chance for any of you to express the direction you would like to see the chapter go in.
  
* '''October 10, 2007 ::  Top 10 Website Attack Techniques''' [http://owasp.icrew.org/downloads/owasp_houston_20071010.pdf'''Presentation Download''']<br>Presentation by [http://jeremiahgrossman.blogspot.com/ Jeremiah Grossman], CTO, [http://www.whitehatsec.com/ Whitehat Security] <br><br>
+
'''Sponsor:''' Experis
  
*'''September 12, 2007: Fortify Software'''<br><br>
+
===OWASP Houston March Chapter Meeting===
  
*'''August 8, 2007: Atrysk Security [http://atrysk.blogspot.com/2008/01/atrysk-owasp-presentation.html Presentation Download]<br><br>
+
'''When:''' Wed, March 20, 2019 7 PM – whenever we are done
  
* '''June 5, 2007 :: Web 2.0''' [http://owasp.icrew.org/downloads/owasp_houston_20070605.pdf'''Presentation Download''']<br>Presentation by [http://denimgroup.typepad.com/denim_group/dan_cornell/index.html Dan Cornell] of the [http://www.denimgroup.com/ Denim Group]. <br><br><br><br><br>
+
'''Where:''' The Local Pour, The Woodlands, TX 77381
 +
 
 +
'''Description:''' This month we will be joining with the Woodlands Hackers Association to socialize. We will be in the glass room right inside the entrance. Wooha will be sponsoring this event by providing us a shared venue. After the regular WooHa meetup we will be socializing and would like to introduce ourselves and get to meet others in the chapter.
 +
 
 +
'''Note:''' This will not be a permanent location. We are still getting the chapter up and going and trying to finalize locations for events.
 +
 
 +
==2018==
 +
 
 +
===Owasp Houston April Chapter Meeting===
 +
 
 +
'''When:''' Wed, April 25, 2018 6:30 PM – 8:30 PM
 +
 
 +
'''Where:''' PROS 3100 Main 2nd floor, Room B Houston, TX 77002
 +
 
 +
'''Speaker:''' Mahesh Babu, Head of Product Strategy, Contrast Security
 +
<blockquote>Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.</blockquote>
 +
 
 +
'''Title:''' A phased approach to building security automation into your CI/CD
 +
<blockquote> So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Wed, February 28, 2018 6:30 PM – 8:30 PM
 +
 
 +
'''Where:''' PROS 3100 Main 2nd floor, Room B Houston, TX 77002
 +
 
 +
'''Speaker:''' Houston Java Users Group
 +
 
 +
'''Title:''' App Security Really Will Make You Money!
 +
<blockquote> When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.</blockquote>
 +
 
 +
'''Sponsor:''' Checkmarx <br><br>
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2017==
 +
===Owasp Houston July Chapter Meeting===
 +
'''When:''' Tuesday July, 2017 at 6:30 PM
 +
 
 +
'''Where:''' NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027
 +
 
 +
'''Speaker:''' Greg Anderson
 +
<blockquote>Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg</blockquote>
 +
 
 +
'''Title:''' Making Vulnerability Management Less Painful with OWASP DefectDojo
 +
<blockquote> DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston May Chapter Meeting===
 +
'''When:''' Tuesday May 23, 2017 at 6:00PM
 +
 
 +
'''Where:''' Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003
 +
 
 +
'''Title:''' General Discussions and Networking
 +
<blockquote>Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about:<br>
 +
* OWASP Projects and events
 +
* Proposed topics for next meetings
 +
* Suggestions for becoming better involved in both the application development and security initiatives
 +
* Open discussion of current trends
 +
</blockquote>
 +
'''Agenda:'''
 +
<blockquote>
 +
* 6:00 PM: Networking
 +
* 6:30 PM: Start of discussion
 +
* 8:00 PM Wrap-up and head home
 +
</blockquote>
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston January Chapter Meeting===
 +
'''When:''' Sunday, January 8, 2017 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' Poison Girl 1641 Westheimer · Houston, TX
 +
 
 +
'''Title:'''  New Year Kick-off
 +
<blockquote>We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.
 +
</blockquote>
 +
 
 +
'''Sponsor:''' Alertlogic
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2016==
 +
'''N/A'''
 +
==2015==
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 26, 2015 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:'''  Happy Hour
 +
<blockquote>Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up what better way to reconnect with your AppSec friends than one of our Happy Hours.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2014==
 +
===Owasp Houston December Chapter Meeting===
 +
'''When:''' Wednesday, December 17, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' The Original OKRA Charity Saloon 924 Congress St · Houston, TX
 +
 
 +
'''Title:'''  Happy Hour
 +
<blockquote>Season's greetings Houston,<br>
 +
 
 +
We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership.
 +
<br>
 +
When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston April Chapter Meeting===
 +
'''When:''' Thursday, April 10, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' The Westin Galleria Houston 5060 West Alabama Street · Houston, TX
 +
 
 +
'''Title:''' Owasp Houston Mini-Con
 +
<blockquote>Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.
 +
<br>
 +
https://owasp-houston-april-mini-con.eventbrite.com
 +
<br><br>
 +
This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in.
 +
<br>
 +
Reception begins at 6:00PM. Our speakers at this event included Adam Prigden, and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM.
 +
<br>
 +
We may have a late announcement on a third speaker.
 +
</blockquote>
 +
 
 +
'''Speaker:''' Tyler Borland
 +
<blockquote>The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize(), has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit.
 +
<br>
 +
Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!</blockquote>
 +
 
 +
'''Speaker:''' Adam Prigden
 +
<blockquote>The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. These features include Java class file analysis and Java SSA extraction feature. This talk will utilize the Python scripting language primary for dynamic analysis, but the examples used in the talk should be easily transferable into the other scripting languages.
 +
<br>
 +
Adam is an independent information security consultant, who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in U.S. Army as an Infantryman after which he went on to complete a B.S. in Electrical. Engineering and an M.S. in Engineering at the University of Texas. Prior to returning graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics that including code reviews, threat modeling, and software penetration testing. Additionally, he has also presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings.</blockquote>
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 13, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:'''  Happy Hour
 +
<blockquote>We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.
 +
 
 +
Join us in discussing application security and recent security related news over Texas brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.
 +
</blockquote>
 +
 
 +
'''Sponsors:''' White Hat Security & Alertlogic
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Thursday, February 20, 2014 6:00 PM to 9:00 PM
 +
 
 +
'''Where:''' TXRX Labs 205 Roberts St · Houston, TX
 +
 
 +
'''Title:'''  Metasploit Workshop
 +
<blockquote>We have a new venue sponsored by TXRX Labs (http://txrxlabs.org). If you haven't been to TXRX labs its 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC (http://txrxlabs.org/classes/intro-to-linuxcnc-fall-2013_172/) and host recreational programming events. (http://txrxlabs.org/event/348/recreational-computer-programming-group/) They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.
 +
<br>
 +
Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado(@DennisMald).
 +
<br>
 +
Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.
 +
<br>
 +
If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (Currently 1.0.6, any architecture)
 +
</blockquote>
 +
 
 +
'''Workshop Host:''' Dennis Maldonado
 +
<blockquote>Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.</blockquote>
 +
 
 +
'''Agenda'''
 +
<blockquote>
 +
* Reception 6PM-7PM
 +
* Presentation 7PM-8PM
 +
* Questions/Audience Participation 8PM-9PM
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2013==
 +
===Owasp Houston November Chapter Meeting===
 +
'''When:''' Thursday, November 14, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX
 +
 
 +
'''Title:''' Mini-Con
 +
<blockquote>Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.
 +
<br>
 +
Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM.
 +
<br>
 +
This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year.
 +
<br>
 +
To find out about future events, sign up for our meetup group. (http://www.meetup.com/OWASP-Houston/)
 +
</blockquote>
 +
 
 +
'''Speaker:''' Johnathan Kuskos
 +
<blockquote>Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized "Whitehat" lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy.</blockquote>
 +
 
 +
'''Title:''' WAF bypassing, breaking client-side validation, and advanced SQL injection obsfucation
 +
<blockquote>The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings "as is". Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAF's can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester.</blockquote>
 +
 
 +
'''Speaker:''' Daniel Buentello
 +
 
 +
'''Title:''' Weaponizing your Coffee Pot
 +
<blockquote>As SoC price continue to drop and their implementation continues to rise, connected “”appliances”" (Internet of Things)will become an attractive avenue for cybercriminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard) If one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. Then end goal being to take over the host without breaking designed functionality (stealthy), being able to run third-party binaries at the start (lethal), and surviving basic removal techniques (persistent) aka weaponizing.</blockquote>
 +
 
 +
'''Sponsors:'''  
 +
* HP
 +
* Accuvant
 +
* Baracuda
 +
* Alert Logic
 +
* cPanel
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston October Chapter Meeting===
 +
'''When:''' Thursday, October 17, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' 1776 Yorktown 1776 Yorktown Street Houston, TX
 +
 
 +
'''Title:''' Oktoberfest Workshop
 +
<blockquote>
 +
Please join us for another OWASP Houston workshop. Stuart Dunsmore (GCIA, GREM) will be leading a lesson on reverse engineering of malware by dissecting some malware that was caught as part of an email campaign. Additionally, Mukul Gupta (PhD, GCIA, GWEB, CISSP, CISA, CAP) will be providing some crypto challenges. Join us to use your brain and a command line to solve puzzles for prizes.
 +
</blockquote>
 +
 
 +
'''Agenda'''
 +
<blockquote>Food, drinks, and crypto puzzles served from 6:00-8:??, Stuart will speak from 6:30 to 7:15. From 7:15 attendees may work through some of his lesson on their own and ask Stuart questions. Real malware samples will be provided. If you intend on participating please bring a computer with a virtual machine ready to go with an Evaluation copy of IDA pro.</blockquote>
 +
 
 +
'''Sponsors:'''  Karbach Brewery
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston September Chapter Meeting===
 +
'''When:''' Thursday, September 19, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:'''  Happy Hour
 +
<blockquote>
 +
Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston August Chapter Meeting===
 +
'''When:''' Thursday, August 15, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX
 +
 
 +
'''Title:''' Mini-Con
 +
<blockquote>
 +
Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. (http://august-mini-con.eventbrite.com) Registration will be open July 29th at 10AM.
 +
</blockquote>
 +
 
 +
'''Speaker:''' Georgia Weidman
 +
<blockquote>Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.
 +
<br>
 +
Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.</blockquote>
 +
 
 +
'''Title:''' Can You Hear Me Now?
 +
<blockquote>Leveraging Mobile Devices on Pentests BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and if they do to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermines these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out of band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.</blockquote>
 +
 
 +
'''Speaker:''' Clint Pollock
 +
<blockquote>Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.</blockquote>
 +
 
 +
'''Title:''' Tips for Building a Successful Application Security Program Application
 +
<blockquote>Vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston July Chapter Meeting===
 +
'''When:''' Thursday, July 18, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' 1706 Yorktown St 1706 Yorktown St Houston, Tx
 +
 
 +
'''Title:''' July Workshop
 +
<blockquote>
 +
If you've been in application security for more than a day, you've probably heard about SQL injection. However, code injection flaws span a wide range of issues and are SQL is not unique in its susceptibility to injection attacks. In this class, we'll learn about another query language called XPath and discover how it, too, can be susceptible to injection attacks. Using the "XMLmao" testbed from the Magical Code Injection Rainbow suite, attendees will learn hands-on how to perform XPath injection attacks.
 +
<br>
 +
We will also have a copy of the testbed running on some virtual machines for everyone to test out after the workshop.
 +
</blockquote>
 +
'''Workshop Host:''' Daniel Crowley
 +
<blockquote>Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE.</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston June Chapter Meeting===
 +
'''When:''' Thursday, June 27, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' Happy Hour
 +
<blockquote>Please join us next Thursday, June 27th. OWASP Houston will be are hosting a happy hour at Stag's Head pub starting at 6PM. I encourage you to come and participate in a discussion on possible OWASP projects that OWASP Houston community can get engaged with. We feel, as a chapter, we should be involved with at least one OWASP project. Please join us discuss how you can participate.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston May Chapter Meeting===
 +
'''When:''' Thursday, May 16, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Sheraton Suites Houston Galleria 2400 West Loop S · Houston, TX
 +
 
 +
'''Title:''' Mini-Con
 +
<blockquote>
 +
Reserve a ticket on eventbrite for entry<br>
 +
https://owasp-houston-may-mini-con.eventbrite.com/<br>
 +
RSVP does not guarantee entry.We will be opening eventbrite shortly<br>
 +
We're trying a new venue in the Galleria Area. Please join us in the Galleria area at the Sheraton Suites, 2400 West Loop South.
 +
</blockquote>
 +
 
 +
'''Speaker:''' Kevin Johnson
 +
<blockquote>Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.</blockquote>
 +
 
 +
'''Title:''' Catching Flies with Mr Miyagi: Web Application Testing Techniques
 +
<blockquote>In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications.</blockquote>
 +
 
 +
'''Speaker:''' Terry Ray
 +
 
 +
'''Title:''' WTF, WAF Testing Framework
 +
<blockquote>Presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.</blockquote>
 +
 
 +
'''Sponsors:'''
 +
* Alert Logic
 +
* Barracuda
 +
* cPanel
 +
* Imperva
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston April Chapter Meeting===
 +
'''When:''' Thursday, April 18, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' 
 +
<blockquote>
 +
This event was originally intended to be a workshop. But, our speaker for this event fell through.
 +
<br>
 +
We will still have an informal meeting at Stag's Head for some adult beverages on April 18th at 6PM. If you want to have conversations about security topics and upcoming OWASP Houston plans please stop by.
 +
<br>
 +
Unlike usual, we will not be using the private room. We'll be in the general area. Look for people with laptops and backpacks.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Thursday, March 14, 2013 6:00 PM to 8:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' Happy Hour
 +
<blockquote>
 +
Please join us 6PM Thursday March 14th at Stag's Head for an OWASP Houston Happy Hour. We will provide beer, food, and conversations with security professionals. The lock picking table will also be present at this event, and we will be giving out prizes for challenge winners.
 +
<br>
 +
Stag's Head - 6PM Thursday March 14th
 +
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
 +
 
 +
</blockquote>
 +
 
 +
'''Sponsors:''' Alertlogic & Imperva
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston February Chapter Meeting===
 +
'''When:''' Thursday, February 21, 2013 6:00 PM to 9:00 PM<br>
 +
'''Where:''' The Westin Galleria Houston 5060 West Alabama Street · Houston, TX
 +
 
 +
'''Title:''' Mini-Con
 +
<blockquote>
 +
Please read these details carefully. RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat please reserve a ticket with eventbrite.
 +
<br>
 +
https://owasp-feb-mini-con.eventbrite.com
 +
<br>
 +
Please join us in the Imperial Suite, located on the 24th floor of the Westin Galleria, on Thursday, February 21st at 6PM for the first OWASP Houston conference-style event of 2013.
 +
<br>
 +
The featured presentation will be delivered by Jason Chan, Cloud Security Architect from Netflix. Jason will be joining us to discuss Netflix approach to application security testing.
 +
</blockquote>
 +
 
 +
'''Sponsors:'''
 +
* Barracuda Networks
 +
* Imperva
 +
* Solid Border
 +
* AlertLogic
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
===Owasp Houston January Chapter Meeting===
 +
'''When:''' Thursday, January 31, 2013 6:00 PM to 8:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' Workshops
 +
<blockquote>
 +
Join us on Thursday January 31st for an OWASP Houston Workshop. During this workshop attendees will be lead through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for some common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you'd like to participate bring your laptop. You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. If you just want to watch that's fine too.
 +
<br>
 +
Please join us 6PM Thursday January 31st at Stag's Head.
 +
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
 +
</blockquote>
 +
 
 +
'''Sponsors:''' Alertlogic & Imperva
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
==2012==
 +
===Owasp Houston March Chapter Meeting===
 +
'''When:''' Monday, November 19, 2012 6:00 PM to 9:00 PM<br>
 +
'''Where:''' Stag's Head Pub 2128 Portsmouth St · Houston, TX
 +
 
 +
'''Title:''' Kick-off Meeting
 +
<blockquote>
 +
Thank you for your interest in OWASP Houston! We're planning a Kick-off meeting Monday November 19th to shape our plans for the 2013 year and we are looking for your participation. Please join us for food and drinks(beer) provided by our sponsor while we review aggregated survey results and finalize plans for our 2013 series of OWASP meetings.
 +
<br>
 +
Please join us 6PM Monday November 19th at Stag's Head.
 +
http://www.stagsheadpub.com
 +
<br>
 +
2128 Portsmouth St
 +
Houston, TX 77098
 +
Neighborhood: Upper Kirby
 +
<br>
 +
We are looking for additional people that are interested in helping OWASP Houston. So if you want to get involved now is the time.
 +
<br>
 +
Even though this is not a formal meeting I do expect some bugs will be discovered during the course of the meeting. So if you want to learn something come early.
 +
</blockquote>
 +
 
 +
[[#Listing of Past Events|Back to Top]]
 +
 
 +
=Training Days=
 +
==Upcoming==
 +
==Past==
 +
 
 +
=Announcements=
 +
<blockquote>The chapter is in the process of obtaining sponsors and venues for meetings.  Check back soon for further announcements</blockquote>
 +
 
 +
=Sponsorship Info=
 +
==We are looking for sponsors==
 +
<blockquote>The Houston chapter is currently looking for sponsors to help us host some of the following events. If you would like more information about sponsoring our chapter, please reach out to [mailto:[email protected] Ryan Tierney] or [mailto:[email protected] Benjamin Loula].</blockquote>
 +
 
 +
===Event Types===
 +
'''OWASP Houston Chapter Meetings'''
 +
<blockquote>The chapter meetings are the heart of the chapter. We need good content to bring to our members. Also, we need a good space that is welcoming and quiet for those attending to hear. We are looking for sponsors to help provide space and equipment for talks and presentations.</blockquote>
 +
'''OWASP Houston Chapter Happy Hour Sponsorship'''
 +
<blockquote>The chapter is looking for sponsors to help fund happy hours. This opportunity can benefit both the chapter and the sponsor.</blockquote>
 +
'''OWASP Houston Chapter Technical Trainings'''
 +
<blockquote>This chapter is looking to start helping build talent in this geographical area. We need to obtain training space, help setting up equipment, and even getting instructors here in the future.</blockquote>
 +
'''OWASP Houston Chapter Presenter Sponsorships'''
 +
<blockquote>The ability to help top tier presenters to get out to our chapter, we need some help.  This level of sponsorship will do just that.  We need help getting talented presenters to the area.</blockquote>
 +
__NOTOC__ <headertabs></headertabs>  
  
==== Houston OWASP Chapter Leaders ====
 
Our chapter leaders are Mark Feferman, Linda Fox, Paul Dial and David Nester.
 
__NOTOC__
 
<headertabs/>
 
  
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]
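Review bot: Under ==2012==, the heading ===Owasp Houston March Chapter Meeting=== does not match its own When line (Monday, November 19, 2012) or the Kick-off Meeting text beneath it; it looks copied from the 2013 March entry and should name November. Elsewhere in the added lines, the first word of the August abstract appears to have slipped into the title ("...Application Security Program Application" followed by "Vulnerabilities are steeply on the rise"), the July Where line repeats "1706 Yorktown St", and the May abstract gives the speaker as "Kevin John" under "Speaker: Kevin Johnson".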

Latest revision as of 12:45, 31 October 2019

OWASP Houston

Welcome to the Houston chapter homepage. The chapter leaders are Ryan Tierney and Benjamin Loula.

Upcoming Events

Houston Schedule of Events

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Local News


Everyone is welcome to join us at our chapter meetings.

2019

OWASP Houston December Chapter Meeting

When: TBD

Where: TBD

Time: TBD

2019

OWASP Houston October Chapter Meeting

When: Thursday, October 24, 2019

Where: 1001 Fanin Street, Suite 4550 Houston, TX 77002

Time: 6pm - 8pm

Speaker: Dan Crowley

Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.

Title: Windows File Pseudonyms: Ten Years Later, Where are We?

This talk is a revisiting of techniques and oddities related to how Windows handles file names and paths, and a discussion of what works, or doesn't, on Windows 10.

Speaker: Travis Horvath

Travis is a reformed systems administrator and network analyst turned hacker. He enjoys collecting reverse shells and long lists of hashed passwords. When he’s not trying to find your mother’s maiden name, first pet, and street you grew up on, he’s tinkering with a 3D printer or quadcopter. During his time as an infosec consultant, he’s appended several letters to his title including “OSCP”, “OSWP”, and “CREST”.

Title: The New Hotness: A briefing and demo of HTTP Request Smuggling

A brief on the “new” HTTP desynchronization attack dubbed “HTTP Request Smuggling”, released by James Kettle at DEF CON and Black Hat this year. We will break down and demo the attack, detail what it is, how to test for it, and how to defend against it.

Sponsor: Experis

OWASP Houston September Chapter Meeting

When: Thursday, September 26, 2019

Where: Flying Saucer Draught Emporium 705 Main St, Houston, TX 77002

Time: 6pm - 8pm

Description: In September, our sponsor Experis will be helping us host a chapter meeting. This will be a happy hour event where we would like to meet our chapter members and get to know them a bit. This event will also be a chance for any of you to express the direction you would like to see the chapter go in.

Sponsor: Experis

OWASP Houston March Chapter Meeting

When: Wed, March 20, 2019 7 PM – whenever we are done

Where: The Local Pour, The Woodlands, TX 77381

Description: This month we will be joining with the Woodlands Hackers Association (WooHa) to socialize. We will be in the glass room right inside the entrance. WooHa will be sponsoring this event by providing us a shared venue. After the regular WooHa meetup we will be socializing and would like to introduce ourselves and get to meet others in the chapter.

Note: This will not be a permanent location. We are still getting the chapter up and going and trying to finalize locations for events.

2018

Owasp Houston April Chapter Meeting

When: Wed, April 25, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security

Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs as a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.

Title: A phased approach to building security automation into your CI/CD

So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues and shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.

Back to Top

Owasp Houston February Chapter Meeting

When: Wed, February 28, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Houston Java Users Group

Title: App Security Really Will Make You Money!

When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.

Sponsor: Checkmarx

Back to Top

2017

Owasp Houston July Chapter Meeting

When: Tuesday July, 2017 at 6:30 PM

Where: NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027

Speaker: Greg Anderson

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.

Back to Top

Owasp Houston May Chapter Meeting

When: Tuesday May 23, 2017 at 6:00PM

Where: Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003

Title: General Discussions and Networking

Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about:
  • OWASP Projects and events
  • Proposed topics for next meetings
  • Suggestions for becoming better involved in both the application development and security initiatives
  • Open discussion of current trends

Agenda:

  • 6:00 PM: Networking
  • 6:30 PM: Start of discussion
  • 8:00 PM: Wrap-up and head home

Back to Top

Owasp Houston January Chapter Meeting

When: Sunday, January 8, 2017 6:00 PM to 9:00 PM

Where: Poison Girl 1641 Westheimer · Houston, TX

Title: New Year Kick-off

We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.

Sponsor: Alertlogic

Back to Top

2016

N/A

2015

Owasp Houston March Chapter Meeting

When: Thursday, March 26, 2015 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up, what better way to reconnect with your AppSec friends than one of our Happy Hours?

Back to Top

2014

Owasp Houston December Chapter Meeting

When: Wednesday, December 17, 2014 6:00 PM to 9:00 PM

Where: The Original OKRA Charity Saloon 924 Congress St · Houston, TX

Title: Happy Hour

Season's greetings Houston,

We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership.
When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.

Back to Top

Owasp Houston April Chapter Meeting

When: Thursday, April 10, 2014 6:00 PM to 9:00 PM

Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Owasp Houston Mini-Con

Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.


https://owasp-houston-april-mini-con.eventbrite.com

This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in.
Reception begins at 6:00PM. Our speakers at this event included Adam Prigden and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM.
We may have a late announcement on a third speaker.

Speaker: Tyler Borland

The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize(), has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit.


Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!

Speaker: Adam Prigden

The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. The features covered include Java class file analysis and Java SSA extraction. This talk will utilize the Python scripting language primarily for dynamic analysis, but the examples used in the talk should be easily transferable into the other scripting languages.


Adam is an independent information security consultant, who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in the U.S. Army as an Infantryman, after which he went on to complete a B.S. in Electrical Engineering and an M.S. in Engineering at the University of Texas. Prior to returning to graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics including code reviews, threat modeling, and software penetration testing. Additionally, he has also presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings.

Back to Top

Owasp Houston March Chapter Meeting

When: Thursday, March 13, 2014 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.

Join us in discussing application security and recent security related news over Texas brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.

Sponsors: White Hat Security & Alertlogic

Back to Top

Owasp Houston February Chapter Meeting

When: Thursday, February 20, 2014 6:00 PM to 9:00 PM

Where: TXRX Labs 205 Roberts St · Houston, TX

Title: Metasploit Workshop

We have a new venue sponsored by TXRX Labs (http://txrxlabs.org). If you haven't been to TXRX Labs, it's a 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC (http://txrxlabs.org/classes/intro-to-linuxcnc-fall-2013_172/) and host recreational programming events (http://txrxlabs.org/event/348/recreational-computer-programming-group/). They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.


Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado(@DennisMald).
Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments.
If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (currently 1.0.6, any architecture).

Workshop Host: Dennis Maldonado

Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.

Agenda

  • Reception 6PM-7PM
  • Presentation 7PM-8PM
  • Questions/Audience Participation 8PM-9PM

Back to Top

2013

Owasp Houston November Chapter Meeting

When: Thursday, November 14, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con

Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available.


Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will be starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM.
This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year.
To find out about future events, sign up for our meetup group. (http://www.meetup.com/OWASP-Houston/)

Speaker: Johnathan Kuskos

Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized "Whitehat" lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy.

Title: WAF bypassing, breaking client-side validation, and advanced SQL injection obfuscation

The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings "as is". Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAFs can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester.

Speaker: Daniel Buentello

Title: Weaponizing your Coffee Pot

As SoC prices continue to drop and their implementation continues to rise, connected "appliances" (Internet of Things) will become an attractive avenue for cybercriminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard), if one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. The end goal is to take over the host without breaking designed functionality (stealthy), being able to run third-party binaries at the start (lethal), and surviving basic removal techniques (persistent), aka weaponizing.

Sponsors:

  • HP
  • Accuvant
  • Barracuda
  • Alert Logic
  • cPanel

Back to Top

Owasp Houston October Chapter Meeting

When: Thursday, October 17, 2013 6:00 PM to 9:00 PM
Where: 1776 Yorktown 1776 Yorktown Street Houston, TX

Title: Oktoberfest Workshop

Please join us for another OWASP Houston workshop. Stuart Dunsmore (GCIA, GREM) will be leading a lesson on reverse engineering of malware by dissecting some malware that was caught as part of an email campaign. Additionally, Mukul Gupta (PhD, GCIA, GWEB, CISSP, CISA, CAP) will be providing some crypto challenges. Join us to use your brain and a command line to solve puzzles for prizes.

Agenda

Food, drinks, and crypto puzzles served from 6:00-8:??, Stuart will speak from 6:30 to 7:15. From 7:15 attendees may work through some of his lesson on their own and ask Stuart questions. Real malware samples will be provided. If you intend on participating please bring a computer with a virtual machine ready to go with an Evaluation copy of IDA pro.

Sponsors: Karbach Brewery

Back to Top

Owasp Houston September Chapter Meeting

When: Thursday, September 19, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.

Back to Top

Owasp Houston August Chapter Meeting

When: Thursday, August 15, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con

Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. (http://august-mini-con.eventbrite.com) Registration will be open July 29th at 10AM.

Speaker: Georgia Weidman

Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events.


Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.

Title: Can You Hear Me Now? Leveraging Mobile Devices on Pentests

BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security-conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and, if they do, to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermine these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out-of-band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released.

Speaker: Clint Pollock

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.

Title: Tips for Building a Successful Application Security Program

Application vulnerabilities are steeply on the rise. At $350 billion per year, software is the largest manufacturing industry in the world, yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc., but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.

OWASP Houston July Chapter Meeting

When: Thursday, July 18, 2013 6:00 PM to 9:00 PM
Where: 1706 Yorktown St · Houston, TX

Title: July Workshop

If you've been in application security for more than a day, you've probably heard about SQL injection. However, code injection flaws span a wide range of issues, and SQL is not unique in its susceptibility to injection attacks. In this class, we'll learn about another query language called XPath and discover how it, too, can be susceptible to injection attacks. Using the "XMLmao" testbed from the Magical Code Injection Rainbow suite, attendees will learn hands-on how to perform XPath injection attacks.
We will also have a copy of the testbed running on some virtual machines for everyone to test out after the workshop.

Workshop Host: Daniel Crowley

Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE.

OWASP Houston June Chapter Meeting

When: Thursday, June 27, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us next Thursday, June 27th. OWASP Houston will be hosting a happy hour at Stag's Head pub starting at 6PM. I encourage you to come and participate in a discussion on possible OWASP projects that the OWASP Houston community can get engaged with. We feel, as a chapter, we should be involved with at least one OWASP project. Please join us to discuss how you can participate.

OWASP Houston May Chapter Meeting

When: Thursday, May 16, 2013 6:00 PM to 9:00 PM
Where: Sheraton Suites Houston Galleria 2400 West Loop S · Houston, TX

Title: Mini-Con

Reserve a ticket on Eventbrite for entry:
https://owasp-houston-may-mini-con.eventbrite.com/
RSVP does not guarantee entry. We will be opening Eventbrite shortly.
We're trying a new venue in the Galleria area. Please join us at the Sheraton Suites, 2400 West Loop South.

Speaker: Kevin Johnson

Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.

Title: Catching Flies with Mr Miyagi: Web Application Testing Techniques

In this talk, based loosely around the Karate Kid movies, Kevin Johnson (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications.

Speaker: Terry Ray

Title: WTF, WAF Testing Framework

Presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.

Sponsors:

  • Alert Logic
  • Barracuda
  • cPanel
  • Imperva

OWASP Houston April Chapter Meeting

When: Thursday, April 18, 2013 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title:

This event was originally intended to be a workshop, but our speaker for this event fell through.
We will still have an informal meeting at Stag's Head for some adult beverages on April 18th at 6PM. If you want to have conversations about security topics and upcoming OWASP Houston plans, please stop by.
Unlike usual, we will not be using the private room. We'll be in the general area. Look for people with laptops and backpacks.

OWASP Houston March Chapter Meeting

When: Thursday, March 14, 2013 6:00 PM to 8:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour

Please join us 6PM Thursday March 14th at Stag's Head for an OWASP Houston Happy Hour. We will provide beer, food, and conversations with security professionals. The lock picking table will also be present at this event, and we will be giving out prizes for challenge winners.
Stag's Head - 6PM Thursday March 14th http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alertlogic & Imperva

OWASP Houston February Chapter Meeting

When: Thursday, February 21, 2013 6:00 PM to 9:00 PM
Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Mini-Con

Please read these details carefully. RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat, please reserve a ticket with Eventbrite.
https://owasp-feb-mini-con.eventbrite.com
Please join us in the Imperial Suite, located on the 24th floor of the Westin Galleria, on Thursday, February 21st at 6PM for the first OWASP Houston conference-style event of 2013.
The featured presentation will be delivered by Jason Chan, Cloud Security Architect from Netflix. Jason will be joining us to discuss Netflix's approach to application security testing.

Sponsors:

  • Barracuda Networks
  • Imperva
  • Solid Border
  • AlertLogic

OWASP Houston January Chapter Meeting

When: Thursday, January 31, 2013 6:00 PM to 8:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Workshops

Join us on Thursday January 31st for an OWASP Houston Workshop. During this workshop attendees will be led through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for some common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you'd like to participate, bring your laptop. You should prepare a virtual machine with Linux, Apache, MySQL, and PHP. If you just want to watch, that's fine too.
Please join us 6PM Thursday January 31st at Stag's Head. http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alertlogic & Imperva

2012

OWASP Houston March Chapter Meeting

When: Monday, November 19, 2012 6:00 PM to 9:00 PM
Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Kick-off Meeting

Thank you for your interest in OWASP Houston! We're planning a Kick-off meeting Monday November 19th to shape our plans for the 2013 year and we are looking for your participation. Please join us for food and drinks (beer) provided by our sponsor while we review aggregated survey results and finalize plans for our 2013 series of OWASP meetings.
Please join us 6PM Monday November 19th at Stag's Head. http://www.stagsheadpub.com
2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby
We are looking for additional people who are interested in helping OWASP Houston. So if you want to get involved, now is the time.
Even though this is not a formal meeting, I do expect some bugs will be discovered during the course of the meeting. So if you want to learn something, come early.

Upcoming

Past

The chapter is in the process of obtaining sponsors and venues for meetings. Check back soon for further announcements.

We are looking for sponsors

The Houston chapter is currently looking for sponsors to help us host some of the following events. If you would like more information about sponsoring our chapter, please reach out to Ryan Tierney or Benjamin Loula.

Event Types

OWASP Houston Chapter Meetings

The chapter meetings are the heart of the chapter. We need good content to bring to our members. We also need a good space that is welcoming and quiet enough for those attending to hear. We are looking for sponsors to help provide space and equipment for talks and presentations.

OWASP Houston Chapter Happy Hour Sponsorship

The chapter is looking for sponsors to help fund happy hours. This opportunity can benefit both the chapter and the sponsor.

OWASP Houston Chapter Technical Trainings

This chapter is looking to start helping build talent in this geographical area. We need training space, help setting up equipment, and, in the future, help getting instructors here.

OWASP Houston Chapter Presenter Sponsorships

To help top-tier presenters get out to our chapter, we need some help. This level of sponsorship will do just that. We need help getting talented presenters to the area.