
Difference between revisions of "Los Angeles"

Changes from line 17 of the previous revision to line 17 of this revision.

Previous revision:

'''Please RSVP: http://www.eventbrite.com/'''<br>

== Meeting Location<br>Symantec Corporation<br>900 Corporate Pointe (off Slauson)<br>Culver City, CA 90230<br>Laguna Conference Room, to the left of the building entry ==

'''Identity Management: federation and authorization'''<br>

'''Speaker:'''

Todd Calvert is currently the Western Region Business Development / Sales Director for Arcot Systems, based in Sunnyvale, California, where he has been with the company for over two years. Prior to Arcot, he worked in various industries on enterprise software for application management, modeling & statistical analysis, and optimization for companies such as Compuware, KLA-Tencor, Nikon Inc., and Wind River. He graduated from UC Santa Barbara in 1991 with a B.S. in Mathematical Sciences, and has spent much of his time delivering educational & technical seminars and math tutoring on the side.<br>

<br> '''Sharks and Security'''

Abstract:

Do you know what makes a shark a shark and a hacker a hacker? Which is the most dangerous shark and how does that fit the profile of a dangerous hacker? What does the tiger shark have to do with garbage collection? Is there any connection between the locomotion in sharks and reverse engineering? And more…

There are sharks at sea and there are sharks on land! Many are prevalent in the information security space. In this talk, Mano Paul, a shark biologist and researcher from the Bahamas turned security professional, takes you through the similarities and differences that exist between the sharks that are after our digital assets and the relatively less dangerous and beautiful creatures that swim the ocean currents. The talk, with a demo of a Trojan called SharkBait, has takeaways for all kinds of audiences, whether management, technical or operational in scope. <br>

Come for a fun-filled, highly interactive, and interesting presentation and leave with a new appreciation of how to look at sharks and hackers and what you can do so that you or your organization don't become shark bait.<br>

'''Speaker:'''<br> [[Image:Mano Paul.jpg|thumb|left|10px]] '''Shark Researcher turned Security Guru!'''<br> '''Manoranjan (Mano) Paul''' (CSSLP, CISSP, AMBCI, MCSD, MCAD, CompTIA Network+, ECSA) is the Founder and CEO at [http://www.securisksolutions.com SecuRisk Solutions] and [http://www.expresscertifications.com Express Certifications]. Based out of Austin, Texas in the USA, SecuRisk Solutions specializes in three areas of information security solutions - Product Development, Consulting and Awareness, Training & Education - while Express Certifications focuses on professional certifications like the CISSP, SSCP, CSSLP and the BCI certificate.

Before SecuRisk Solutions and Express Certifications, Mano played several roles, from software developer, quality assurance tester, logistics manager, technical architect and IT strategist to Security Engineer/Program Manager/Strategist at Dell Inc. His information security experience includes designing and developing software security programs from Compliance-to-Coding, application security risk management, security strategy & management, and conducting security awareness training and education.

Mano started his career as a shark researcher in the Bimini Biological Field Station, Bahamas. His educational pursuit took him to the University of Oklahoma where he received his Business Administration degree in Management Information Systems (MIS) with various accolades and the coveted 4.0 GPA. He was a member of the OWASP Global Education Committee and actively participates in OWASP speaking, training and leadership events. He is also the appointed Software Assurance Advisor for (ISC)<sup>2</sup>, representing and advising the organization on software assurance strategy, training, education and certification. He has also served as an appointed faculty member and industry representative of the Capitol of Texas Information System Security Association (ISSA) chapter.

Mano has been featured in various domestic and international security conferences and is an invited speaker and panelist, delivering talks and keynotes at conferences such as OWASP, CSI, Burton Group Catalyst, TRISC and SC World Congress. He is the author of the Official (ISC)<sup>2</sup> Guide to the Certified Secure Software Lifecycle Professional (CSSLP<sup>CM</sup>), contributing author for the Information Security Management Handbook, writes periodically for Certification Magazine and has contributed to several security topics for the Microsoft Solutions Developer Network (MSDN).

Mano is married to Sangeetha Johnson whom he calls the “most wonderful and sacrificial person in this world” and their greatest fulfillment comes from spending time with their son – Reuben A Paul (RAP).

<br> '''Sponsor:'''&nbsp;

Arcot Systems Inc is the largest cloud-based authentication company in the world and also a leader in online security products including 3-D Secure (aka Verified-by-Visa / MasterCard SecureCode), Strong Authentication, Risk Assessment, Secure Document Delivery, Tokenization and Secure Digital Signing. Our strength is in a token-less two-factor authentication methodology / adaptive authentication / secure digital signing / 3-D Secure / tokenization to reduce PCI-DSS audit cost.

ArcotID, a 100% software-based smart card, is the core constituent of this solution. ArcotID provides strong protection of digital IDs for multi-factor authentication, digital signatures and encryption. ArcotID uses Arcot's patented 'Cryptographic Camouflage' technology.

WebFort is a Versatile Authentication Server (VAS) that supports ArcotID authentication in addition to One-Time-Password (OTP), Question-and-Answer and Password authentication.<br>

= Would you like to speak at an OWASP Los Angeles Meeting?  =

This revision:

'''Please RSVP: http://www.eventbrite.com/'''<br>

== Meeting Location<br>Symantec Corporation<br>900 Corporate Pointe (off Slauson)<br>Culver City, CA 90230<br>Laguna Conference Room, to the left of the building entry ==

'''Baking It In: Abuse-Resistant Web Applications'''<br>

'''Speakers:'''<br>

'''Al Huizenga''' runs product strategy and management for [http://www.mykonossoftware.com/ Mykonos Software], a company focused on new ways to secure Web Applications from abuse. Al has 11 years' experience managing, releasing, and marketing Web-based products and technologies in industry-leading companies such as Cognos Inc., Platform Computing, and Panorama Software. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.<br>

<br>'''Kyle Adams''': As architect and lead developer for [http://www.mykonossoftware.com/ Mykonos Software], Kyle Adams has final responsibility for code quality and technical excellence. Mr. Adams is a graduate of the Rochester Institute of Technology, earning a Bachelor's degree in Computer Science with a minor in Criminal Justice. He wrote his first password protection software at age 10, started hacking incessantly, and was writing his own encryption software by age 14. An AJAX expert and enthusiast, Mr. Adams has worked on scores of web application projects as a freelancer and entrepreneur.<br>

<br>'''Abstract:'''

Current solutions for securing Web applications at run-time rely heavily on signatures to identify and respond to threats. But signatures have become less effective at detecting threats over time, and aren’t sufficient to address the sophisticated abusive behavior that large, publicly exposed Web applications are subject to, including page scraping, logic abuse, malicious automation, phishing, and malware distribution.

<br>The key shortcoming is a lack of application context – without any grounding in actual application and user behavior, signature-based solutions can’t avoid flagging many false positives. This makes the information they provide to administrators practically unactionable.

<br>In response, new approaches are emerging that focus on behavior, not input signatures. One key trend is to enhance the application code itself with detection points that provide more transparency into malicious user behavior. This enables administrators to prevent application abuse before bad users can establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance.<br>

<br> '''Sponsor:'''&nbsp;

[http://Www.MykonosSoftware.com '''Mykonos Software'''] approaches Web application security differently. We understand how Web applications are abused by criminal attackers to steal data, commit fraud, or use company IP for unintended tasks.<br>

The Mykonos Security Appliance detects malicious abuse of web applications before the damage is done. This software solution profiles the abuse through intelligence gathering and responds to any abuse in real time, ultimately preventing data theft, fraudulent behavior and misuse of your Web properties. <br>

Articles by Mykonos<br>• Kyle Adams and Al Huizenga, “Whitepaper: Understanding and Responding to the Five Phases of Web Application Abuse”, Mykonos Software, 2010<br>• Kyle Adams, “A Layered Approach to Making Your Web Application a Safer Environment,” (In)Secure Magazine, Sept 2009<br>

'''Press on Mykonos''':<br>Network World http://www.networkworld.com/columnists/2010/070610antonopoulos.html<br>Dark Reading http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=227100051<br>SC Magazine http://www.scmagazineus.com/pages/login.aspx?returl=/anti-hack-retaliatory-action-against-digital-attacks/article/172651/&pagetypeid=28&articleid=172651&accesslevel=1&expireddays=0&accessAndPrice=0<br><br>

= Would you like to speak at an OWASP Los Angeles Meeting?  =

Revision as of 21:54, 4 November 2010

Local News

The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

http://www.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos


Next Chapter Meeting:  Wednesday, November 17, 2010 7:00 P.M.

We will be having two great speakers and free catered Greek food.

Please RSVP: http://www.eventbrite.com/

Meeting Location
Symantec Corporation
900 Corporate Pointe (off Slauson)
Culver City, CA 90230
Laguna Conference Room, to the left of the building entry

Baking It In: Abuse-Resistant Web Applications

Speakers:

Al Huizenga runs product strategy and management for Mykonos Software, a company focused on new ways to secure Web Applications from abuse. Al has 11 years' experience managing, releasing, and marketing Web-based products and technologies in industry-leading companies such as Cognos Inc., Platform Computing, and Panorama Software. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.


Kyle Adams: As architect and lead developer for Mykonos Software, Kyle Adams has final responsibility for code quality and technical excellence. Mr. Adams is a graduate of the Rochester Institute of Technology, earning a Bachelor's degree in Computer Science with a minor in Criminal Justice. He wrote his first password protection software at age 10, started hacking incessantly, and was writing his own encryption software by age 14. An AJAX expert and enthusiast, Mr. Adams has worked on scores of web application projects as a freelancer and entrepreneur.


Abstract:

Current solutions for securing Web applications at run-time rely heavily on signatures to identify and respond to threats. But signatures have become less effective at detecting threats over time, and aren’t sufficient to address the sophisticated abusive behavior that large, publicly exposed Web applications are subject to, including page scraping, logic abuse, malicious automation, phishing, and malware distribution.


The key shortcoming is a lack of application context – without any grounding in actual application and user behavior, signature-based solutions can’t avoid flagging many false positives. This makes the information they provide to administrators practically unactionable.


In response, new approaches are emerging that focus on behavior, not input signatures. One key trend is to enhance the application code itself with detection points that provide more transparency into malicious user behavior. This enables administrators to prevent application abuse before bad users can establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance.
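The abstract contrasts input signatures with detection points placed inside the application, where the code knows what legitimate behavior looks like. The block below is an added illustration of that idea written for this page; it is not Mykonos or OWASP AppSensor code. The detection-point identifiers, the thresholds, the product catalogue and the traffic are all constructed. Two checks sit inside a checkout handler (an unexpected HTTP verb, and a hidden price field that no longer matches the server-side price), and a per-user sliding-window counter decides whether an event is merely logged or escalated, which is what keeps a single mistake by a legitimate user from being treated as an attack.

```python
"""AppSensor-style behavioural detection points inside a checkout handler.

Added illustration for this page, not Mykonos or OWASP AppSensor code.
Detection-point IDs, policies, catalogue and traffic are all constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

# Hypothetical detection-point identifiers (assumptions for this example;
# AppSensor keeps its own catalogue of IDs).
RE1_UNEXPECTED_METHOD = "RE1"      # HTTP verb this endpoint never serves
IE1_MODIFIED_HIDDEN_FIELD = "IE1"  # client altered a server-set hidden field


@dataclass(frozen=True)
class Policy:
    threshold: int       # events inside the window before escalation
    window_seconds: int  # sliding-window length
    response: str        # action once the threshold is reached


# Constructed policies: field tampering escalates fast, odd verbs slowly.
POLICIES = {
    RE1_UNEXPECTED_METHOD: Policy(3, 600, "warn"),
    IE1_MODIFIED_HIDDEN_FIELD: Policy(2, 3600, "lockout"),
}


class AppSensor:
    """Per-user, per-detection-point event store plus escalation decision."""

    def __init__(self):
        self.events = defaultdict(deque)  # (user, point) -> timestamps
        self.locked = set()

    def add_event(self, user, point, now):
        """Record one event; return the action the policy dictates now.

        A lone event is only logged.  The threshold and sliding window are
        what separate a one-off mistake from repeated abuse.
        """
        policy = POLICIES[point]
        q = self.events[(user, point)]
        q.append(now)
        while q and now - q[0] > policy.window_seconds:
            q.popleft()  # forget events that fell out of the window
        if len(q) < policy.threshold:
            return "log"
        if policy.response == "lockout":
            self.locked.add(user)
        return policy.response


@dataclass
class Request:
    user: str
    method: str
    form: dict
    time: float


# Server-side truth the hidden price field must match (constructed).
CATALOGUE_PRICE = {"sku-42": 1999}


def handle_checkout(sensor, req):
    """Checkout endpoint with two detection points wired in; returns
    (status, message).  The application knows the genuine price and the
    verbs it serves, context a signature engine in front of it lacks."""
    if req.user in sensor.locked:
        return 403, "locked out"
    if req.method != "POST":
        action = sensor.add_event(req.user, RE1_UNEXPECTED_METHOD, req.time)
        return 405, f"method not allowed ({action})"
    expected = CATALOGUE_PRICE.get(req.form.get("sku"))
    if expected is None:
        return 404, "unknown sku"
    if str(req.form.get("price")) != str(expected):
        action = sensor.add_event(req.user, IE1_MODIFIED_HIDDEN_FIELD, req.time)
        return 400, f"price mismatch ({action})"
    return 200, "order accepted"


def run_demo():
    """Constructed traffic: mallory keeps rewriting the price, alice makes
    one mismatch and then submits the genuine value, bob uses the wrong verb."""
    sensor = AppSensor()
    traffic = [
        Request("mallory", "POST", {"sku": "sku-42", "price": "1"}, 100.0),
        Request("mallory", "POST", {"sku": "sku-42", "price": "5"}, 130.0),
        Request("mallory", "POST", {"sku": "sku-42", "price": "1999"}, 160.0),
        Request("alice", "POST", {"sku": "sku-42", "price": "1899"}, 200.0),
        Request("alice", "POST", {"sku": "sku-42", "price": "1999"}, 230.0),
        Request("bob", "GET", {}, 300.0),
    ]
    return [(r.user, *handle_checkout(sensor, r)) for r in traffic]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Running `run_demo()` shows the false-positive point the abstract makes: alice's single mismatch is logged and her next, correct order is accepted, while mallory's second tampered price crosses the threshold and every later request is refused. Where the thresholds sit is a policy decision per application, not something a generic signature can encode.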


Sponsor: 

Mykonos Software approaches Web application security differently. We understand how Web applications are abused by criminal attackers to steal data, commit fraud, or use company IP for unintended tasks.

The Mykonos Security Appliance detects malicious abuse of web applications before the damage is done. This software solution profiles the abuse through intelligence gathering and responds to any abuse in real time, ultimately preventing data theft, fraudulent behavior and misuse of your Web properties.

Articles by Mykonos
• Kyle Adams and Al Huizenga, “Whitepaper: Understanding and Responding to the Five Phases of Web Application Abuse”, Mykonos Software, 2010
• Kyle Adams, “A Layered Approach to Making Your Web Application a Safer Environment,” (In)Secure Magazine, Sept 2009


Press on Mykonos:
Network World http://www.networkworld.com/columnists/2010/070610antonopoulos.html
Dark Reading http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=227100051
SC Magazine http://www.scmagazineus.com/pages/login.aspx?returl=/anti-hack-retaliatory-action-against-digital-attacks/article/172651/&pagetypeid=28&articleid=172651&accesslevel=1&expireddays=0&accessAndPrice=0

Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Tin Zaw. If your talk is accepted, you will be required to use the OWASP PowerPoint template.

Archives of Previous Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.
