Revision as of 02:04, 8 November 2010

Local News

The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a sucess!

http://www.AppSecUSA.org

Check out the videos: http://vimeo.com/user4863863/videos

Next Chapter Meeting:  Wednesday, November 17, 2010 7:00 P.M.

We will be Having Two Great Speakers again and Free Catered Greek Food

Please RSVP: http://www.eventbrite.com/event/1025602605

Meeting Location
Symantec Corporation
900 Corporate Pointe (off Slauson)
Culver City, CA 90230
Laguna Conference Room, to the left of the building entry

Baking It In: Abuse-Resistant Web Applications

Speakers:

Al Huizenga runs product strategy and management for Mykonos Software, a company focused on new ways to secure Web Applications from abuse. Al has 11 years experience managing, releasing, and marketing Web-based products and technologies in industry leading companies such as Cognos Inc., Platform Computing, and Panorama Software. He is fascinated by how the same technology attributes that drive Web application adoption – openness, transparency, and ubiquity – also represent severe risk to the businesses that use them.

Kyle Adams: As architect and lead developer for Mykonos Software, Kyle Adams has final responsibility for code quality and technical excellence. Mr. Adams is graduate of the Rochester Institute of Technology, earning a Bachelor Degree in Computer Science with a minor in Criminal Justice. He wrote his first password protection software at age 10, started hacking incessantly, and was writing his own encryption software by age 14. An AJAX expert and enthusiast, Mr. Adams has worked on scores of web application projects as a freelancer and entrepreneur.

Abstract:

Current solutions for securing Web applications at run-time rely heavily on signatures to identify and respond to threats. But signatures have become less effective at detecting threats over time, and aren’t sufficient to address the sophisticated abusive behavior that large, publicly exposed Web applications are subject to, including page scraping, logic abuse, malicious automation, phishing, and malware distribution.

The key shortcoming is a lack of application context – without any grounding in actual application and user behavior, signature-based solutions can’t avoid flagging many false positives. This makes the information they provide to administrators practically un-actionable.

In response, new approaches are emerging that focus on behavior, not input signatures. One key trend is to enhance the application code itself with detection points that provide more transparency into malicious user behavior. This enables administrators to prevent application abuse before bad users can establish an attack vector. In this presentation, we’ll discuss the merits and challenges of this approach. We’ll focus on specific examples, including the OWASP AppSensor project and the Mykonos Security Appliance.

Stunext Worm

Speakers:
Liam O Murchu, Security Response at Symantec Corporation

Abstract:

Details coming soon. But for now, refer to Wikipedia. http://en.wikipedia.org/wiki/Stuxnet

Sponsor: 

Mykonos Software approaches Web application security differently. We understand how Web applications are abused by criminal attackers to steal data, commit fraud, or use company IP for un-intended tasks.

The Mykonos Security Appliance detects malicious abuse of web applications before the damage is done. This software solution profiles the abuse through intelligence gathering and responds to any abuse in real-time ultimately preventing data theft, fraudulent behavior and misuse of your Web properties.

Articles by Mykonos
• Kyle Adams and Al Huizenga, “Whitepaper: Understanding and Responding to the Five Phases of Web Application Abuse”, Mykonos Software, 2010
• Kyle Adams, “A Layered Approach to Making Your Web Application a Safer Environment,” (In)Secure Magazine, Sept 2009

Press on Mykonos:
Network World http://www.networkworld.com/columnists/2010/070610antonopoulos.html
Dark Reading http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=227100051
SC Magazine http://www.scmagazineus.com/pages/login.aspx?returl=/anti-hack-retaliatory-action-against-digital-attacks/article/172651/&pagetypeid=28&articleid=172651&accesslevel=1&expireddays=0&accessAndPrice=0

Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Tin Zaw. When we accept your talk, it will be required to use the Powerpoint OWASP Template.

Archives of Previous Meetings

A list of previous presentations conducted at the Los Angeles Chapter can be found here.

Los Angeles Chapter

• Tin Zaw -- Chapter Leader and Chair
• Cassio Goldschmidt -- Board Member
• Richard Greenberg -- Board Member