Welcome to the OWASP Tampa Local Chapter
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa
If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.
The Tampa chapter is sponsored by FYRM Associates.
Join the OWASP Tampa LinkedIn group here.
A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.
Our 2010-Q2 meeting will be on a Wednesday, June 30th from 6pm to 8pm. Tony Flick and Justin Morehouse will be presenting their 2010 ShmooCon talk, "Stealing Guests...The VMware Way."
During this talk, we'll reveal how to steal VMware guests from within other guests using the vulnerability we identified in CVE-2009-3733. Quick and dirty... we'll discuss how we stumbled upon the vulnerability, determined its capabilities, and its potential implications to virtualization...complete with a live demonstration. Bring your own notebook for hands-on goodness.
They will also be previewing their DEF CON 18 talk, "Getting Social with the Smart Grid."
Littered with endless threats and vulnerabilities surrounding both social networking and the Smart Grid, the marriage of these two technologies is official, despite protests by the security community. Consumers love it because they can brag to their friends about how green they are. Businesses love it more because it provides fresh material for their marketing departments. Hackers love it the most because it opens up attack vectors, both new and old.<blockquoteDuring this presentation we dissect readily available social Smart Devices, examining where they get things right, and where they fail. We expand on the failures, discussing and demonstrating attacks against consumers (think PleaseRobMe.com), the Smart Devices themselves, and the social networking sites they communicate with. We want consumers, device manufactures, and social networking sites to understand how to get social with the Smart Grid securely, and prevent social networking privacy from becoming even more complex. The tools we release during this presentation will allow consumers to review their Smart Devices' social footprint, and provide device manufacturers with recommendations that can be implemented immediately. Attendees will leave our presentation armed with a deep understanding of the strengths and weaknesses of social Smart Devices, how to attack their current weaknesses and leverage their current strengths, and utilize our tools to further research how we all can better secure the social side of the Smart Grid. </blockquote>
Please RSVP to the Chapter Leader by Tuesday, June 29 so that you will be added to the security list.
We meet quarterly at the Kforce building in Ybor. The address is:
Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.
2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here.
2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here.
2009-Q2 - Open SAMM - Zate Berg - Presentation slides here.
2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here.
2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here.