This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Philadelphia"

From OWASP
Jump to: navigation, search
m (Upcoing Meeting: Tuesday, July 20th, 2010 6:30pm - 8:30pm)
 
(86 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Philadelphia|extra=The chapter leaders are [mailto:[email protected] Aaron Weaver] and [mailto:darian@criticode.com Darian Patrick]
+
{{Chapter Template|chaptername=Philadelphia|extra=The chapter leaders are [mailto:[email protected] Aaron Weaver], [mailto:john.kh.baek@gmail.com John Baek] and [mailto:evan.[email protected]owasp.org Evan Oslick].
<paypal>Philadelphia</paypal>
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-philadelphia|emailarchives=http://lists.owasp.org/pipermail/owasp-philadelphia}}
 
  
== Upcoing Meeting: '''Tuesday, July 20th, 2010 6:30pm - 8:30pm'''  ==
+
Follow us [https://twitter.com/phillyowasp @phillyowasp]
'''OWASP Philly/ Meeting - University of Pennsylvania - Philadelphia'''
 
  
All are welcome to join us on Tuesday as we discuss web application security.
+
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-philadelphia|emailarchives=http://lists.owasp.org/pipermail/owasp-philadelphia}}
 
 
When: Tuesday, July 20th, 2010 6:30pm - 8:30pm<br/>
 
Where: Fisher-Bennett Room 401, University of Pennsylvania<br/>
 
3340 Walnut Street St.
 
Philadelphia, PA  19104
 
 
 
'''Agenda:'''<br>
 
1.) Opening Remarks<br>
 
2.) Balancing Security & Usability, Justin Klein Keane<br>
 
3.) TBD: Aspect Security Presentation<br>
 
4.) Happy Hour after the meeting at New Deck
 
 
 
[http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=3330+Walnut+St.,+Philadelphia,+Pennsylvania+19104&sll=39.953372,-75.191352&sspn=0.006678,0.013797&ie=UTF8&hq=&hnear=3330+Walnut+St,+Philadelphia,+Pennsylvania+19104&ll=39.954787,-75.191352&spn=0.006678,0.013797&z=16&iwloc=A&iwstate1=dir Directions to Fisher-Bennett]
 
 
 
Questions should be directed to [mailto:[email protected] Aaron Weaver]
 
 
 
'''User Interface and Security in Web Applications'''
 
 
 
Abstract: Balancing Security & Usability
 
 
 
Security is often seen as a competing priority to good user experience, but the two are not diametrically opposed. Good user experience is essential to good security. Without ease of use, most people simply ignore or bypass security protections in systems. In order to craft effective security measures it is essential to take user experience into consideration. With the meteoric growth of web applications as a medium for service delivery it is critical to deploy good security measures. Web applications offer an always on, globally available target for attackers. Users need to be allies in the drive for application security, but far too often security measures are presented as onerous, time consuming, bothersome add-on's to web applications rather than seamlessly integrated, easy to use, user friendly features. In this talk I propose to explore some of the reasons why good security in web applications matters and how you can make security effective by making it easy to use.
 
 
 
Speaker: Justin Klein Keane
 
 
 
Bio: Justin C. Klein Keane has over 8 years of experience in information
 
security starting with his role as Editor in Chief of the Hack in the
 
Box e-zine.  Currently Justin works as in Information Security
 
Specialist with the University of Pennsylvania School of Arts and
 
Sciences' Information Security and Unix Systems group.  Justin's past
 
work included several positions as a web application developer, often
 
utilizing PHP.  Justin is a regular contributer to the Full-Disclosure
 
mailing list and is credited with dozens of vulnerability discoveries.
 
Justin holds several ethical hacking and penetration testing
 
certifications and regularly posts computer security related articles on
 
his website http://www.MadIrish.net.
 
 
 
== Previous Meeting: '''Thursday, December 3rd, 2009 6:30pm - 8:30pm'''  ==
 
'''OWASP Philly/ Meeting - University of Pennsylvania - Philadelphia'''
 
 
 
'''This is a joint meeting with the [http://www.meetup.com/phillyphp/ Philadelphia Area PHP Meetup group]'''. All are welcome to join us on Tuesday as we discuss web application security.
 
 
 
When: December 3rd, 2009 6:30pm - 8:30pm<br/>
 
Where: Wu & Chen Auditorium, Levine Hall, University of Pennsylvania<br/>
 
3330 Walnut St.
 
Philadelphia, PA  19104
 
 
 
'''Agenda:'''<br>
 
1.) Opening Remarks<br>
 
2.) Discovering PHP Vulnerabilities Via Code Auditing, Justin Klein Keane<br>
 
3.) TBD: Bruce Diamond<br>
 
 
 
[http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=3330+Walnut+St.,+Philadelphia,+Pennsylvania+19104.&sll=39.953372,-75.191352&sspn=0.006678,0.013797&ie=UTF8&hq=&hnear=3330+Walnut+St,+Philadelphia,+Pennsylvania+19104&ll=39.954787,-75.191352&spn=0.006678,0.013797&z=16&iwloc=A&iwstate1=dir Directions to Levine Hall]
 
 
 
Questions should be directed to [mailto:[email protected] Darian Anthony Patrick]
 
 
 
'''Discovering PHP Vulnerabilities Via Code Auditing'''
 
 
 
Abstract: PHP provides an accessible, easy to use platform for developing dynamic
 
web applications.  As the number of web based applications grow, so too
 
does the threat from external attackers.  The open and global nature of
 
the web means that web applications are exposed to attack from around
 
the world around the clock.  Automated web application vulnerability
 
scanning technology is still very much in its infancy, and unable to
 
identify complex vulnerabilities that could lead to complete server
 
compromise.  While intrusion detection systems prove very valuable in
 
detecting attacks, the best way to prevent vulnerabilities is to engage
 
in active code review.  There are many advantages of direct code review
 
over automated testing, from the ability to identify complex edge
 
scenario vulnerabilities to finding non-exploitable flaws and fixing
 
them proactively.  Many vulnerabilities in PHP based web applications
 
are introduced with common misuse of the language or misunderstanding of
 
how functions can be safely utilized.  By understanding the common ways
 
in which vulnerabilities are introduced into PHP code it becomes easy to
 
quickly and accurately review PHP code and identify problems.  In
 
addition to common problems, PHP includes some obscure functionality
 
that can lead developers to unwittingly introduce vulnerabilities into
 
their applications.  By understanding the security implications of some
 
common PHP functions, code reviewers can pinpoint the use of such
 
functions in code and inspect them to ensure safety.
 
 
 
Speaker: Justin Klein Keane
 
 
 
Bio: Justin C. Klein Keane has over 8 years of experience in information
 
security starting with his role as Editor in Chief of the Hack in the
 
Box e-zine.  Currently Justin works as in Information Security
 
Specialist with the University of Pennsylvania School of Arts and
 
Sciences' Information Security and Unix Systems group.  Justin's past
 
work included several positions as a web application developer, often
 
utilizing PHP.  Justin is a regular contributer to the Full-Disclosure
 
mailing list and is credited with dozens of vulnerability discoveries.
 
Justin holds several ethical hacking and penetration testing
 
certifications and regularly posts computer security related articles on
 
his website http://www.MadIrish.net.
 
 
 
----
 
 
 
== Previous Meeting: '''October 27th, 2009 6:00pm - 9:00pm'''  ==
 
'''OWASP Philly Meeting - Comcast - Philadelphia'''
 
 
 
<b>Presentations:</b><br>
 
[http://www.owasp.org/images/7/79/Agile_Practices_and_Methods.ppt Agile Practices and Methods]<br>
 
[http://www.owasp.org/images/d/d0/OWASP-AJAX-Final.ppt AJAX Security]<br>
 
[http://www.owasp.org/images/0/06/Adobe_AMF.ppt Adobe AMF]<br>
 
 
 
Food and space provided by Comcast.
 
 
 
'''Sponsor:'''
 
[[Image:comcastlogo.gif]]
 
 
 
When: October 27th, 2009 6:00pm - 9:00pm
 
Where: Floor (TBD), Comcast, 1701 John F Kennedy Blvd Philadelphia, PA  08054
 
 
 
'''Agenda:'''<br>
 
1.) OWASP Meeting Opening Remarks: Bruce A. Kaalund Director, Product Security<br>
 
2.) Development Issues Within AJAX Applications: How to Divert Threats: Tom Tucker, Cenzic<br>
 
3.) Agile Software Development Principles and Practices : Ravindar Gujral, Agile Philadelphia<br>
 
4.) Testing Adobe Flex/SWF's, focusing on flash remoting (AMF): Aaron Weaver, Pearson eCollege<br>
 
 
 
[http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1701+John+F+Kennedy+Blvd+philadelphia&sll=39.954255,-75.16839&sspn=0.006908,0.013711&ie=UTF8&hq=&hnear=1701+John+F+Kennedy+Blvd,+Philadelphia,+Pennsylvania+19103&ll=39.956185,-75.168393&spn=0.006908,0.013711&t=h&z=16&iwloc=A Directions to Comcast]
 
 
 
'''Development Issues Within AJAX Applications: How to Divert Threats'''
 
 
 
Speaker: Tom Tucker
 
 
 
Bio: Tom Tucker has over 25 years of experience within the enterprise hardware, software, network, and security market.  As a Senior Systems Engineer at Cenzic, Tom works directly with customers to protect their Web applications from hacker attacks.  Previously Tom's worked with Tier 1 and Tier 2 Network Service Providers such as BBN, GTE, AT&T, iPass, New Edge Networks and MegaPath Networks, designing firewall, VPN, WAN, LAN and Hosting solutions. Tom was also the Director of Intranet Engineering for Associates Information Services (now a part of Citigroup) implementing secure Internet technology solutions for both internal and external application delivery.
 
 
 
 
 
----
 
 
 
== Previous Meeting: '''Wednesday June 24th 2009, 6:30 PM - 8:00 PM'''  ==
 
'''OWASP Philly Meeting - AccessIT Group - King of Prussia'''
 
 
 
Pizza provided by AccessIT Group.
 
 
 
'''Sponsors:'''
 
[[Image:Logo_accessitgroup.gif]][[Image:Sanslogo_vertical.jpg]]
 
 
 
'''Agenda:'''<br>
 
1.) OWASP Introduction<br>
 
2.) How to Analyze Malicious Flash Programs - Lenny Zeltser<br>
 
3.) OWASP .NET, OWASP Report Generator,OWASP Cryttr/Encrypted Syndication - Mark Roxberry<br>
 
 
 
[http://atlas.mapquest.com/maps/map.adp?formtype=address&country=US&popflag=0&latitude=&longitude=&name=&phone=&level=&addtohistory=&cat=Access+It+Group+Inc&address=2000+Valley+Forge+Cir&city=King+of+Prussia&state=PA&zipcode=19406 Directions]
 
 
 
2000 Valley Forge Circle<br>
 
Suite 106<br>
 
King of Prussia, PA 19406<br>
 
 
 
AccessIT Group is located in the 2000  Building (middle building) of the Valley
 
Forge Towers.  The offices are located on the bottom floor of the
 
building.  Parking is available in the front or rear of the building. 
 
 
 
'''How to Analyze Malicious Flash Programs'''
 
 
 
by Lenny Zeltser (http://www.zeltser.com)
 
 
 
'''About the talk:'''
 
Attackers increasingly use malicious Flash programs, often in the form of banner ads, as initial infection vectors. Obfuscation techniques and multiple Flash virtual machines complicate this task of analyzing such threats. Come to learn insights, tools and techniques for reverse-engineering this category of browser malware.
 
 
 
'''Bio:'''
 
Lenny Zeltser leads the security consulting practice at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who've earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. You can stay in touch with him via http://twitter.com/lennyzeltser.
 
 
 
'''OWASP .NET, OWASP Report Generator, OWASP Cryttr / Encrypted Syndication'''
 
 
 
by Mark Roxberry
 
 
 
About the talk:  Mark is looking to generate some interest in participating in OWASP projects.  He will be speaking about projects that he is involved in and hoping to recruit folks who have time, energy and motivation to help out.
 
 
 
Bio:  Mark Roxberry is a frequent contributor of research and code to OWASP.  His credits include OWASP Testing Guide contributor and reviewer, the OWASP .NET Project Lead, the OWASP Report Generator Lead and just recently the OWASP Encrypted Syndication Lead.  He is a Senior Consultant at Database Solutions in King of Prussia.  Mark has a B.S. in Russian Technical Translation from the Pennsylvania State University and has the CEH and CISSP certificates hanging in his bunker where he tries to figure out how to hack into Skynet when it comes online.
 
 
 
== Previous Meetings ==
 
 
 
Next Meeting: <br>'''October 28th 2008, 6:30 PM - 8:00 PM'''
 
<br>OWASP Philly Meeting - Protiviti - Two Libery Place Philadelphia
 
 
 
Come join us in Philadelphia as we discuss web application security.
 
 
 
'''Agenda:'''<br>
 
1.) Web Application Security and PCI requirements (V 1.1 and 1.2)<br>
 
2.) Clickjacking: What is it and should we be concerned about it?<br>
 
3.) Summary of OWASP conference in New York.
 
 
 
[Google Directions][http://maps.google.com/maps?q=50+South+16th+St+Philadelphia,+PA&ie=UTF-8&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&sa=X&oi=geocode_result&resnum=1&ct=title]
 
  
Two Libery Place 50 South 16th St<br>
+
<meetup group="OWASP-Philadelphia" />
Suite 2900<br>
 
Philadelphia, PA 19102 USA<br>
 
  
 
[[Category:Pennsylvania]]
 
[[Category:Pennsylvania]]

Latest revision as of 22:37, 31 October 2018

OWASP Philadelphia

Welcome to the Philadelphia chapter homepage. The chapter leaders are Aaron Weaver, John Baek and Evan Oslick.

Follow us @phillyowasp


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Chapter Meetings

Visit our group on meetup.com

Upcoming events

No events are scheduled at the moment.

Past events

  • May 3, 2020 (08:00): Online Infrastructure-as-Code Secure Coding Tournament 🎁with prizes!, · , Join us for an online gamified Infrastructure-As-Code secure coding tournament! Compete against your peers to identify & fix critical vulnerabilities in real-to-life Infrastructure-As-Code code snippets! Docker, Ansible, Terraform & Cloudformation! Prizes: 🎁Top finisher earns IAC secure coding trophy! 🎁2nd = Secure Code Warrior hoodie 🎁3rd & 4th = Secure Code Warrior t-shirt T (read more)
  • May 2, 2019 (18:00): SAST/IAST IntegrationVertex Inc., 2301 Renaissance Blvd · King of Prussia, PAWe all know how SAST works. We all know the promise of IAST. Learn how the integration of the two can improve the Secure-SDLC. One of the biggest struggles within the Secure-SDLC is integration between testing methodologies, this talk will show one of the ways that we can integrate one of the up and coming testing strategies and one of the noisiest!
  • Nov 19, 2018 (18:00): Threat intelligence on Application Security and DefectDojo: Open SourceComcast Center, 1 Comcast Center · Philadelphia, PALive stream for those that can't attend: https://youtu.be/JBZgh6YjvXs How Applications Are Attacked – an In-Depth Data-Driven Analysis Ray Pompon=> Principal Threat Research Evangelist, F5 Labs will provide results of data analysis for specific industries related to application attacks and prevention. DefectDojo: Running an OWASP Project Aaron Weaver=>Security Consultant, Chapter Lead will (read more)
  • Oct 16, 2018 (18:00): Philly Meetup - Capture the FlagVertex, 2301 Renaissance Blvd · King of Prussia, paThe next OWASP Philly meetup will be held on Tuesday October 16th, 2018 between 6:00 and 8:30pm at Vertex (2301 Renaissance Blvd · King of Prussia). This will be an interactive meetup where you'll have a chance to learn about and apply real application security concepts using the CMD+CTRL capture the flag platform. More information about the event below: LEARN TO DEFEND AGAINST HACKERSThe CTF wil (read more)
  • May 16, 2018 (18:00): Scaling Security using Automation Pipelines joint meeting with AWS User GroupAnexinet, 4 Sentry Parkway East, Suite 300 · Bluebell, PAAre you looking for frictionless security testing in your build pipeline that scales across your organization? This talk provides the framework and tooling to build a DevSecOps pipeline. Do you have infrastructure as code? Can you find security misconfigurations before those changes are applied to your cloud infrastructure? Continuous security testing is achieved using the AppSec Pipeline tool whi (read more)
See all past events on meetup.com