This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
  
<paypal>Los Angeles</paypal>  
+
<paypal>Los Angeles</paypal>
  
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday,&nbsp;May 25, 2011 7:00 P.M.&nbsp;- 8:30 P.M. <br> ==
+
== Next&nbsp;Chapter Meeting:&nbsp; Wednesday,&nbsp;June 22, 2011 7:00 P.M.&nbsp;- 8:30 P.M. <br> ==
  
 
Symantec<br>900 Corporate Pointe<br>Culver City, CA 90232<br>
 
Symantec<br>900 Corporate Pointe<br>Culver City, CA 90232<br>
  
Please RSVP: http://owasp-may2011.eventbrite.com/
+
Please RSVP: http://owasp-june2011.eventbrite.com/
 
   
 
   
 
----
 
----
  
==== Topic: Automated Detection of Security Flaws in Ruby on Rails Code ====
+
==== Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing ====
  
Ruby on Rails is a popular web framework which is rapidly being adopted by companies. While Ruby is a very dynamic language, Rails’ adherence to the concept of “convention over configuration” has made it possible to create a capable, open source static analysis tool called “Brakeman” for finding security vulnerabilities at the source code level. Hudson – recently renamed Jenkins – is a continuous integration system which can be configured to run and monitor a wide variety of jobs. This talk will focus on the advantages of using static analysis for discovering security issues, and demonstrate how easy it is automatically monitor vulnerabilities in Ruby on Rails applications during all stages of development using Brakeman and Jenkins.
+
Penetration testers who use only black-box tools are destined to lose to attackers who are willing to spend more time or effort looking for vulnerabilities.  Defenders need to make use of one of the few natural advantages at their disposal: ready access to the system they’re trying to protect.
 +
 
 +
In this talk Brian will discuss gray-box vulnerability testing techniques that expose web application internals so that testers understand what an application is doing and can spot vulnerabilities faster. The tool observes the program while it executes. It reveals attack surface, points out vulnerable program behavior, opens up a code-level view of the application, and allows a tester to understand information flow inside the program.
 +
 
 +
==== Speaker: Brian Chess ====
 +
 
 +
Brian is currently the Founder/Chief Scientist at Fortify Software, an HP Company. Prior to his work with Fortify, Brian worked at NetSuite, where he started out as a programmer (when the whole company still fit into one apartment)  then managed a small team, then a bigger one, then all of the developers, and eventually became the Director of Software Development. Brian has a PhD in Computer Engineering from the University of California, Santa Cruz, and is the co-author of Secure Coding with Static Analysis.
  
==== Speaker: Justin Collins ====
 
  
Justin is a Security Engineer at AT&T Interactive and a PhD candidate in computer Science at UCLA. He wrote and published Brakeman, security code analyzer for Ruby on Rails code, which is available on GitHub.
 
  
 
----
 
----

Revision as of 03:00, 31 May 2011

Local News

Sign up for OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles

<paypal>Los Angeles</paypal>

Next Chapter Meeting:  Wednesday, June 22, 2011 7:00 P.M. - 8:30 P.M.

Symantec
900 Corporate Pointe
Culver City, CA 90232

Please RSVP: http://owasp-june2011.eventbrite.com/

Topic: Gray, the new Black: Gray-Box Web Vulnerability Testing

Penetration testers who use only black-box tools are destined to lose to attackers who are willing to spend more time or effort looking for vulnerabilities. Defenders need to make use of one of the few natural advantages at their disposal: ready access to the system they’re trying to protect.

In this talk Brian will discuss gray-box vulnerability testing techniques that expose web application internals so that testers understand what an application is doing and can spot vulnerabilities faster. The tool observes the program while it executes. It reveals attack surface, points out vulnerable program behavior, opens up a code-level view of the application, and allows a tester to understand information flow inside the program.

Speaker: Brian Chess

Brian is currently the Founder/Chief Scientist at Fortify Software, an HP Company. Prior to his work with Fortify, Brian worked at NetSuite, where he started out as a programmer (when the whole company still fit into one apartment) then managed a small team, then a bigger one, then all of the developers, and eventually became the Director of Software Development. Brian has a PhD in Computer Engineering from the University of California, Santa Cruz, and is the co-author of Secure Coding with Static Analysis.


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Tin Zaw. When we accept your talk, it will be required to use the Powerpoint OWASP Template.

Archives of Previous Meetings

2009 Meetings

2010 Meetings

2011 Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.

Los Angeles Chapter


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

http://2010.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=Los_Angeles&oldid=111214"