Difference between revisions of "Los Angeles"
m (→April 15th, 2009 7:30PM)
|Line 17:||Line 17:|
* <b>Cross Site Scripting, Exploits and Defenses</b><br><br>
* <b>Cross Site Scripting, Exploits and Defenses</b><br><br>
For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary [http://cyberinsecure.com/hacked-obama-site-redirects-visitors-to-clintons-site/ defacement] of Barack Obama's website demonstrated the impact of XSS vulnerabilities to the masses.
For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary [http://cyberinsecure.com/hacked-obama-site-redirects-visitors-to-clintons-site/ defacement] of Barack Obama's websitedemonstrated the impact of XSS vulnerabilities to the masses.
During this presentation,
During this presentation, Campbell will demonstrate exactly how effective XSS vulns can be, and show you what you can do to protect yourself and your sites.
[https://www.owasp.org/index.php/Image:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf Slide deck]
[https://www.owasp.org/index.php/Image:DC_ED_OWASP_XSS_MAY2008_v1.0.pdf Slide deck ]
<b>David Campbell</b> is an infosec veteran, with experience ranging from penetration testing for Fortune 100's to architecting security solutions for large multinational financials to consulting for government agencies. DC is presently of and is .
Revision as of 21:17, 5 April 2009
OWASP Los Angeles
Welcome to the Los Angeles chapter homepage. The chapter leader is Cassio Goldschmidt
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Upcoming Chapter Meetings
Meeting Location Symantec Corporation 900 Corporate Pointe Culver City, CA 90230 Laguna Conference Room
April 15th, 2009 7:30PM
- Cross Site Scripting, Exploits and Defenses
For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary defacement of Barack Obama's website, and a Viral XSS in Twitter demonstrated the impact of XSS vulnerabilities to the masses.
During this presentation, David Campbell will demonstrate exactly how effective XSS vulns can be, and show you what you can do to protect yourself and your sites.
This presentation was originally delivered to OWASP Colorado in May of 2008, and has been updated for this session.
Slide deck from May '08 talk
David Campbell is an infosec veteran, with experience ranging from penetration testing for Fortune 100's to architecting security solutions for large multinational financials to consulting for government agencies. DC is presently chapter leader of OWASP Denver and is Principal Consultant at Electric Alchemy.
May 20th, 2009 7:00PM (note the time change)
- Top Ten Web Hacking Techniques of 2008: "What's possible, not probable"
The polls are closed, votes are in, and we have the winners making up the Top Ten Web Hacking Techniques of 2008! The competition was fierce with the newest and most innovative web hacking techniques to the test. This session will review the top ten hacks from 2008 - what they indicate about the security of the web, what they mean for businesses, and what might be used against us soon down the road.
Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co- founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, HiTB, OWASP, ISSA, and a number of large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks. Grossman is often quoted in the the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!
June 24th, 2009 7:30PM
- Information Warfare: Past, Present and Future
Information warfare is the composite use of psychological operations (PYOPS), military deception (MILDEC), operational security (OPSEC), computer network operations (CNO), and electronic warfare (EW) to control and disrupt information flow. Recently, interest in information war technologies, techniques and policy issues have increased, especially in the domain of CNO. Increased scrutiny over network operations is both legitimate and valid, as global commerce and military powers are integrated and dependent on the Internet for critical operations. This presentation will describe the five domains of information warfare, the past use of information warfare in the Gulf war and recent Cyber attacks on the Eastern European countries of Georgia and Estonia. Information will be presented on possible new directions of information warfare.
Mikhael Felker, CISSP-ISSEP has worked in a variety of roles including instructor, engineer, and researcher. He is currently employed by The Aerospace Corporation in the Information Assurance Technology Department, supporting Information Assurance (IA) for satellite systems. He is also an Instructor within the Computer & Information Systems Division at UCLA Extension, teaching a course in networking. Actively involved in the Los Angeles security community, he is the Education Director for Los Angeles Chapter of Information Systems Security Association (ISSA), member and speaker of Information Systems Audit and Control Association (ISACA), and former Defense Sector Coordinator for InfraGard. Mikhael has published articles in IEEE Security & Privacy, the ISSA Journal, Information Systems Control Journal, and SecurityFocus. He is a recipient of the Scholarship for Service Program (SFS) Fellowship, sponsored by the National Science Foundation and Department of Homeland Security (DHS). Mikhael completed his graduate work at Carnegie Mellon University with a Master's in Information Security Policy & Management and Bachelor's at UCLA in Computer Science. He holds over 10 certifications in IT and Security.
Would you like to speak at an OWASP Los Angeles Meeting?
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email to Cassio Goldschmidt. When accepted it will be required to use the following powerpoint OWASP Template