This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 15:50, 22 March 2011 by Jmorehouse (talk | contribs) (Presentation Archives)

Jump to: navigation, search

Welcome to the OWASP Tampa Local Chapter


Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at:

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by StratumSecurityTampaOWASP.png

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting

Our 2011-Q1 meeting will be on Wednesday, March 16, from 6PM until 8PM. I am trying a new format with three shorter length talks. First off are Richard Newman and Brett McKinney. They will be speaking on performing vulnerability testing in an IPv6 world. Our second talk features Jeff LoSapio, Managing Partner at Stratum Security. Jeff will be discussing the lessons learned from deploying static analysis in development groups. Finally, Chris Patten of Packet Research will be presenting on intelligence gathering for penetration testers.

Abstracts for each of the talks are below:

Richard Newman & Brett McKinney - Vulnerability Management in an IPv6 World
With the last of the IPv4 addresses allocated to the regional registrars, IPv4 is quickly seeing an end to its reign. For a time we’ll see dual addressed networks as IPv6 is implemented and deployed. What does this mean to vulnerability and application scanning, penetration testing, and more?

Jeff LoSapio - Real Lessons of Deploying Static Analysis in Development Groups
Is it really worth investing in static analysis tools for your developers?
Can you effectively deploy the tools and attain valuable results?
What are the pitfalls?
How do you succeed?

Chris Patten - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata
This talk will provide insight into the often-overlooked requirement of performing effective intelligence gathering as a means to achieve a successful penetration test. In the age of technology, information is shared throughout organizations and distributed all over the world. Learn how penetration testers target hidden metadata and use it to open virtual doors. Finally, find out what can be done to protect against metadata harvesting attacks.

Please RSVP to the Chapter Leader by Tuesday, March 15, so that you can be added to the security list.

Meeting Location

We meet quarterly at the Kforce building in Ybor. The address is:

1001 East Palm Ave. Tampa, FL 33605

Park in the Visitor spaces in the main parking lot that is off of East Palm Avenue. You will need to identify yourself at the security desk and ask how to get to Training Room B.

Presentation Archives

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman & Brett McKinney - Presentation Slides here

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse & Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here