This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Houston"

From OWASP
Jump to: navigation, search
(August 12, 2009 :: SharePoint Auditing and Penetration Testing by Shohn Tojacek)
(August 12, 2009 :: SharePoint Auditing and Penetration Testing by Shohn Tojacek)
Line 10: Line 10:
 
== August 12, 2009 ::  SharePoint Auditing and Penetration Testing by Shohn Tojacek ==
 
== August 12, 2009 ::  SharePoint Auditing and Penetration Testing by Shohn Tojacek ==
  
* '''Presentation:'''  SharePoint Auditing and Penetration Testing by Shohn Tojacek
+
* '''Presentation:'''  SharePoint Auditing and Penetration Testing by Shohn Tojacek<br><br>Gartner predicts SharePoint will eventually replace network file shares. This makes sense due to the feature-rich environment, ease of use, and collaborative benefits.  However, the default security model allows for all site users to have read access to all documents.  Further, Microsoft gives you base functionality in Windows Server using Windows SharePoint Services (WSS); but to really leverage SharePoint you probably want to use Microsoft Office SharePoint Server (MOSS) that allows for integration with MS Office documents.  Now you have all your company's documents in a single repository that has functionality that can enable different teams to 'build' their own portal and apply their own security model. <br><br>In this talk we will explore the possibilities of SharePoint and the security implications for your business and how you might address them.<br><br>'''About Our Presenter:'''<br><br>Shohn heads up the IT security services offerings of PivotPoint Solutions including consulting, auditing, and penetration testing / security assessment of most modern technologies including Web based applications.  His current experiences and security and audit background provide a more balanced view from both audit and an implementation standpoint. <br><br>Shohn is the Information Systems Director for PivotPoint Solutions. He is responsible for overseeing all aspects of IT infrastructure operations, administration, security, budgeting, and overall governance. He currently manages more than 40 Terabytes of storage, 50 independent systems, multiple networks, and employees. Management of and direct involvement in projects over the design, testing, and implementation of various technologies and associated policies and procedures.  Prior to PivotPoint Solutions, Shohn was a Manager in KPMG's Southwest Risk Advisory Services practice.  His primary area of expertise was in security assessments over technical infrastructure. He also has experience with other IT audits including SAS70s, application reviews, business process reviews, computer operations, general controls reviews, and system development<br><br>'''Date:''' August 12, 2009<br>'''Time:''' 6:00-7:30 Welcome, Announcements and Presentation<br><br>'''Location:'''<br>The new OWASP meeting physical address is:<br>Houston Community College (HCC)<br>1010 West Sam Houston Parkway North<br>Spring Branch Campus Commons<br>Houston, TX 77043
 
 
Gartner predicts SharePoint will eventually replace network file shares. This makes sense due to the feature-rich environment, ease of use, and collaborative benefits.  However, the default security model allows for all site users to have read access to all documents.  Further, Microsoft gives you base functionality in Windows Server using Windows SharePoint Services (WSS); but to really leverage SharePoint you probably want to use Microsoft Office SharePoint Server (MOSS) that allows for integration with MS Office documents.  Now you have all your company's documents in a single repository that has functionality that can enable different teams to 'build' their own portal and apply their own security model.  
 
 
 
In this talk we will explore the possibilities of SharePoint and the security implications for your business and how you might address them.
 
 
 
 
 
'''About Our Presenter:'''
 
 
 
Shohn heads up the IT security services offerings of PivotPoint Solutions including consulting, auditing, and penetration testing / security assessment of most modern technologies including Web based applications.  His current experiences and security and audit background provide a more balanced view from both audit and an implementation standpoint.  
 
Shohn is the Information Systems Director for PivotPoint Solutions. He is responsible for overseeing all aspects of IT infrastructure operations, administration, security, budgeting, and overall governance. He currently manages more than 40 Terabytes of storage, 50 independent systems, multiple networks, and employees. Management of and direct involvement in projects over the design, testing, and implementation of various technologies and associated policies and procedures.  Prior to PivotPoint Solutions, Shohn was a Manager in KPMG's Southwest Risk Advisory Services practice.  His primary area of expertise was in security assessments over technical infrastructure. He also has experience with other IT audits including SAS70s, application reviews, business process reviews, computer operations, general controls reviews, and system development
 
 
 
'''Date:''' August 12, 2009
 
'''Time:''' 6:00-7:30 Welcome, Announcements and Presentation
 
'''Location:'''
 
 
 
The new OWASP meeting physical address is:
 
Houston Community College (HCC)
 
1010 West Sam Houston Parkway North
 
Spring Branch Campus
 
Commons
 
Houston, TX 77043
 
 
 
 
<br><br><br><br>
 
<br><br><br><br>
  

Revision as of 20:11, 29 July 2009

OWASP Houston

Welcome to the Houston chapter homepage. The chapter leaders are Mark Feferman, Paul Dial, Linda Fox and David Nester


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

The Houston Chapter will focus around Web Application Security issues with discussions on application layer vulnerabilties, penetration testing, and secure coding practices within the numerous development languages. Our chapter will meet on the second (2nd) Wednesday of each month and participation in OWASP Houston is free and open to all.

Please subscribe to the mailing list for meeting announcements. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the Houston Chapter, send an email to David Nester.

<paypal>Houston</paypal>

Chapter Meetings

August 12, 2009 :: SharePoint Auditing and Penetration Testing by Shohn Tojacek

  • Presentation: SharePoint Auditing and Penetration Testing by Shohn Tojacek

    Gartner predicts SharePoint will eventually replace network file shares. This makes sense due to the feature-rich environment, ease of use, and collaborative benefits. However, the default security model allows for all site users to have read access to all documents. Further, Microsoft gives you base functionality in Windows Server using Windows SharePoint Services (WSS); but to really leverage SharePoint you probably want to use Microsoft Office SharePoint Server (MOSS) that allows for integration with MS Office documents. Now you have all your company's documents in a single repository that has functionality that can enable different teams to 'build' their own portal and apply their own security model.

    In this talk we will explore the possibilities of SharePoint and the security implications for your business and how you might address them.

    About Our Presenter:

    Shohn heads up the IT security services offerings of PivotPoint Solutions including consulting, auditing, and penetration testing / security assessment of most modern technologies including Web based applications. His current experiences and security and audit background provide a more balanced view from both audit and an implementation standpoint.

    Shohn is the Information Systems Director for PivotPoint Solutions. He is responsible for overseeing all aspects of IT infrastructure operations, administration, security, budgeting, and overall governance. He currently manages more than 40 Terabytes of storage, 50 independent systems, multiple networks, and employees. Management of and direct involvement in projects over the design, testing, and implementation of various technologies and associated policies and procedures. Prior to PivotPoint Solutions, Shohn was a Manager in KPMG's Southwest Risk Advisory Services practice. His primary area of expertise was in security assessments over technical infrastructure. He also has experience with other IT audits including SAS70s, application reviews, business process reviews, computer operations, general controls reviews, and system development

    Date: August 12, 2009
    Time: 6:00-7:30 Welcome, Announcements and Presentation

    Location:
    The new OWASP meeting physical address is:
    Houston Community College (HCC)
    1010 West Sam Houston Parkway North
    Spring Branch Campus Commons
    Houston, TX 77043





Past Presentations

  • May 13, 2009 (A): "Securing connection strings in the Web.Config and App.Config files for .NET Presentation Download
    Presentation by: Mark Feferman, CISSP

  • May 13, 2009 (B): "Stealing the Airlines Online Data Presentation Download
    Presentation by: Quincy Jackson, CISSP

  • April 8, 2009: "2009 Statistics Report and ClickJacking Presentation Download
    Presentation by David Nester, Director, Solutions Architecture, Whitehat Security.

  • August 19, 2008: "Dirty Dozen" - Truth and facts about PCI DSS Presentation Download
    Presentation by Genady Vishnevetsky, CISSP Director, IT Operations and Security. Paymetric, Inc

  • September 12, 2007: Fortify Software

Houston OWASP Chapter Leaders

Our chapter leaders are Mark Feferman, Linda Fox, Paul Dial and David Nester.