Houston

=Upcoming Events=

2019
=Past Events=

Owasp Houston April Chapter Meeting
When: Wed, April 25, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security "Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University."

Title: A phased approach to building security automation into your CI/CD "So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach."

Back to Top

Owasp Houston February Chapter Meeting
When: Wed, February 28, 2018 6:30 PM – 8:30 PM

Where: PROS 3100 Main 2nd floor, Room B Houston, TX 77002

Speaker: Houston Java Users Group

Title: App Security Really Will Make You Money! "When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees."

Sponsor: Checkmarx Back to Top

Owasp Houston July Chapter Meeting
When: Tuesday July, 2017 at 6:30 PM

Where: NetIQ Corp 515 Post Oak Blvd, Houston, TX 77027

Speaker: Greg Anderson "Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg"

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo "DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo."

Back to Top

Owasp Houston May Chapter Meeting
When: Tuesday May 23, 2017 at 6:00PM

Where: Lucky’s Pub Downtown 801 St Emanuel Street, Houston, TX 77003

Title: General Discussions and Networking Our May meeting will be a discussion and forum focusing on OWASP projects and chapter roadmap. Discussion about: Agenda: Back to Top
 * OWASP Projects and events
 * Proposed topics for next meetings
 * Suggestions for becoming better involved in both the application development and security initiatives
 * Open discussion of current trends
 * 6:00 PM: Networking
 * 6:30 PM: Start of discussion
 * 8:00 PM Wrap-up and head home

Owasp Houston January Chapter Meeting
When: Sunday, January 8, 2017 6:00 PM to 9:00 PM

Where: Poison Girl 1641 Westheimer · Houston, TX

Title: New Year Kick-off We will be hosting a New Year kick-off event to get the year started. This is a social meeting. Please join us to hear about our planned schedule for the year. We are interested in hearing directly from you on the kinds of application security talks and speakers you would like to see this year.

Sponsor: Alertlogic

Back to Top

2016
N/A

Owasp Houston March Chapter Meeting
When: Thursday, March 26, 2015 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour Welcome back to 2015 and our first event of the year. Now that Rodeo season is wrapping up what better way to reconnect with your AppSec friends than one of our Happy Hours.

Back to Top

Owasp Houston December Chapter Meeting
When: Wednesday, December 17, 2014 6:00 PM to 9:00 PM

Where: The Original OKRA Charity Saloon 924 Congress St · Houston, TX

Title: Happy Hour Season's greetings Houston,

We wanted to end the year with a social event. Join OWASP Houston to talk security on December 17th at Okra Charity Saloon at 924 Congress St. in downtown at 6:00 PM this Wednesday. We will be discussing some of our plans for the 2015 year and changes to chapter leadership. When Houston was founded in 1836, the intersection at Congress and Main was the city’s primary intersection and shaped downtown Houston’s development. The bar, located at 924 Congress, initially opened as the Original Casino Saloon in 1882 and remained open until Prohibition. The original circle arch and barrel vault ceilings are still intact today.

Back to Top

Owasp Houston April Chapter Meeting
When: Thursday, April 10, 2014 6:00 PM to 9:00 PM

Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Owasp Houston Mini-Con Please join us on April 10th for the first installment of OWASP Houston's 2014 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available. https://owasp-houston-april-mini-con.eventbrite.com This event will be held in the Westin at the Galleria. Free parking is available in the Galleria parking garage. We will be in the imperial ballroom. This is the same room that our first Mini-con was held in. Reception begins at 6:00PM. Our speakers at this event included Adam Prigden, and Tyler Borland. First presentation at 7:00PM. The event will be finished by 9:00PM. We may have a late announcement on a third speaker.

Speaker: Tyler Borland The primary focus of Tyler's talk is PHP Object Insertion. PHP Object Insertion, unserialize, has been hitting the public circuit of popular software recently. Ever wondered what exactly it is and how to exploit it? This talk will walk you through a real, but patched, vulnerability and how to write a stable exploit for it. This talk will cover looking at PHP code, awesome Python exploit writing, and interesting things about PHP you might not have known on the adventure to creating a stable exploit. Tyler Borland, TurboBorland, is forced to do a bio even though he is not good at it. He's one of those odd people with an affinity for breaking software and teaching people how to do it. Credentials? Since when do they make me a ninja turtle? Just know your trek into my talk will be one filled with danger and intrigue!

Speaker: Adam Prigden The primary focus of Adam's talk is to discuss the reverse engineering of Java JAR files using the radare reverse engineering framework. These features include Java class file analysis and Java SSA extraction feature. This talk will utilize the Python scripting language primary for dynamic analysis, but the examples used in the talk should be easily transferable into the other scripting languages. Adam is an independent information security consultant, who is pursuing his PhD in Computer Science under the supervision of Dr. Dan Wallach at Rice University. He is also an active contributor to the radare reverse engineering framework, where he has contributed support for analyzing Java class files along with several other features. Adam began his information security career in U.S. Army as an Infantryman after which he went on to complete a B.S. in Electrical. Engineering and an M.S. in Engineering at the University of Texas. Prior to returning graduate school at Rice, Adam was responsible for helping to build internal security testing standards and guidelines, developing tools, and executing engagements at Praetorian. Adam consults on a wide range of topics that including code reviews, threat modeling, and software penetration testing. Additionally, he has also presented on a wide range of information security topics as a lecturer and instructor in public, private, and academic settings. Back to Top

Owasp Houston March Chapter Meeting
When: Thursday, March 13, 2014 6:00 PM to 9:00 PM

Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour We will be hosting this year's first OWASP Houston Happy Hour from 6PM-9PM on March 13th, 2014. OWASP meetings are equally free to members and non-members.

Join us in discussing application security and recent security related news over Texas brewed beers and tasty snacks. Beer and snacks are generously provided by our sponsors, White Hat Security and Alert Logic.

Sponsors: White Hat Security & Alertlogic

Back to Top

Owasp Houston February Chapter Meeting
When: Thursday, February 20, 2014 6:00 PM to 9:00 PM

Where: TXRX Labs 205 Roberts St · Houston, TX

Title: Metasploit Workshop We have a new venue sponsored by TXRX Labs (http://txrxlabs.org). If you haven't been to TXRX labs its 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC (http://txrxlabs.org/classes/intro-to-linuxcnc-fall-2013_172/) and host recreational programming events. (http://txrxlabs.org/event/348/recreational-computer-programming-group/) They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops. Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado(@DennisMald). Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments. If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts. Dennis recommends bringing the latest version of Metasploit (currently 4.8.2) and Kali Linux (Currently 1.0.6, any architecture)

Workshop Host: Dennis Maldonado "Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network."

Agenda
 * Reception 6PM-7PM
 * Presentation 7PM-8PM
 * Questions/Audience Participation 8PM-9PM

Back to Top

Owasp Houston November Chapter Meeting
When: Thursday, November 14, 2013 6:00 PM to 9:00 PM Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con Please join us on November 14th for the fourth installment of OWASP Houston's 2013 Mini-Con series. Seating and drinks are reserved for guests that have signed up through eventbrite. If there are no tickets available, a wait list will for a seat will be opened. If you do not have a ticket and would like to come, please come to the event early. Limited standing room will be available. Reception begins at 6:00PM. Our speakers at this event included Jason Reeder, Johnathan Kuskos, and Daniel Buentello. Jason will starting the evening with our first presentation at 6:30PM. The event will be finished by 9:00PM. This will be the last meeting of 2013. Thank you for all your support. We are currently planning the 2014 year. To find out about future events, sign up for our meetup group. (http://www.meetup.com/OWASP-Houston/)

Speaker: Johnathan Kuskos "Kuskos is a Senior Application Security Engineer and newly appointed Security Check Supervisor for WhiteHat Security. He has a bad habit of going home and hacking after he's done hacking at his day job. As an active participant in responsible disclosure, he can be found on publicly recognized 'Whitehat' lists for Shopify, Twitter, Mozilla, Netflix, Google, Meraki, LastPass, Barracuda Networks, and Etsy."

Title: WAF bypassing, breaking client-side validation, and advanced SQL injection obsfucation "The first bandaid that web app administrators typically apply to their site is a web application firewall. Most lack the technical skill set to tune it properly, or leave default settings 'as is'. Whitelists can be difficult to customize appropriately and blacklists usually fall prey to persistent attackers. Spoiler alert: All WAF's can be bypassed. This becomes even more devastating when the WAF is the only line of defense. This presentation will focus on injection obfuscation, and include a few cool tricks for bypassing pesky WAF blacklists and filters that I've come across on my journey to become a more thorough penetration tester."

Speaker: Daniel Buentello

Title: Weaponizing your Coffee Pot "As SoC price continue to drop and their implementation continues to rise, connected “”appliances”' (Internet of Things)will become an attractive avenue for cybercriminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard) If one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. Then end goal being to take over the host without breaking designed functionality (stealthy), being able to run third-party binaries at the start (lethal), and surviving basic removal techniques (persistent) aka weaponizing."

Sponsors:
 * HP
 * Accuvant
 * Baracuda
 * Alert Logic
 * cPanel

Back to Top

Owasp Houston October Chapter Meeting
When: Thursday, October 17, 2013 6:00 PM to 9:00 PM Where: 1776 Yorktown 1776 Yorktown Street Houston, TX

Title: Oktoberfest Workshop Please join us for another OWASP Houston workshop. Stuart Dunsmore (GCIA, GREM) will be leading a lesson on reverse engineering of malware by dissecting some malware that was caught as part of an email campaign. Additionally, Mukul Gupta (PhD, GCIA, GWEB, CISSP, CISA, CAP) will be providing some crypto challenges. Join us to use your brain and a command line to solve puzzles for prizes.

Agenda "Food, drinks, and crypto puzzles served from 6:00-8:??, Stuart will speak from 6:30 to 7:15. From 7:15 attendees may work through some of his lesson on their own and ask Stuart questions. Real malware samples will be provided. If you intend on participating please bring a computer with a virtual machine ready to go with an Evaluation copy of IDA pro."

Sponsors: Karbach Brewery

Back to Top

Owasp Houston September Chapter Meeting
When: Thursday, September 19, 2013 6:00 PM to 9:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.

Back to Top

Owasp Houston August Chapter Meeting
When: Thursday, August 15, 2013 6:00 PM to 9:00 PM Where: Sheraton Suites Houston Galleria 2400 West Loop S Houston, TX

Title: Mini-Con Please join us for another OWASP Houston Mini-Con on August 15th at 6PM. Please register on EventBrite to guarantee seating. (http://august-mini-con.eventbrite.com) Registration will be open July 29th at 10AM.

Speaker: Georgia Weidman Georgia has worked in information security in both the public and private sectors. She recently founded her own security firm, Bulb Security LLC focusing on security training, research and development, and penetration testing. She began speaking at security conferences at Shmoocon 2011 and has had a full schedule ever since, presenting all over the world. To name a few she has spoken at Security Zone, Takedowncon, Hacker Halted, Defcon Wireless Village, and many Bsides events. Georgia was recently awarded a DARPA Cyber Fast Track grant to continue her smartphone security research. Georgia’s security work has been featured in print articles including Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.

Title: Can You Hear Me Now? "Leveraging Mobile Devices on Pentests BYOD is not a new concept. From contractor laptops to an employee’s game console in the break room, a compromised device in the corporate environment can lead to all sorts of bad things. In this talk we will look at the unique threats that BYOD for mobile devices brings to the table. The most security conscious corporations are deploying the latest devices and policies to stop attackers from breaching the perimeter and if they do to stop data exfiltration. We will discuss how mobile devices on a corporate network and/or handling company data undermines these efforts. We will look at multiple mobile platforms gathering sensitive information, attacking other devices such as other mobile devices, servers, and workstations, and using out of band communication to perform data exfiltration and communicate with internal devices. Multiple live demo scenarios will be shown and some useful code for pentesters will be released."

Speaker: Clint Pollock "Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches."

Title: Tips for Building a Successful Application Security Program Application Vulnerabilities are steeply on the rise. At $350 billion per year software is the largest manufacturing industry in the world yet there are no uniform standards or insight into security, risk or liability of the final product. The development environment is becoming increasingly complex – application origin ranges from internally developed code, outsourced, 3rd party, Open Source, and Commercial Off the Shelf software. Ensuring these entities are creating secure software is becoming a daunting task. Lots of emphasis is placed on IT controls, patching, etc, but the new attack vector is your applications. During this presentation we will recap the state of software security today and discuss detailed actions you can take to build a successful application security program that is centralized, policy-driven, and comprehensive.

Back to Top

Owasp Houston July Chapter Meeting
When: Thursday, July 18, 2013 6:00 PM to 9:00 PM Where: 1706 Yorktown St 1706 Yorktown St Houston, Tx

Title: July Workshop If you've been in application security for more than a day, you've probably heard about SQL injection. However, code injection flaws span a wide range of issues and are SQL is not unique in its susceptibility to injection attacks. In this class, we'll learn about another query language called XPath and discover how it, too, can be susceptible to injection attacks. Using the "XMLmao" testbed from the Magical Code Injection Rainbow suite, attendees will learn hands-on how to perform XPath injection attacks. We will also have a copy of the testbed running on some virtual machines for everyone to test out after the workshop. Workshop Host: Daniel Crowley "Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE."

Back to Top

Owasp Houston June Chapter Meeting
When: Thursday, June 27, 2013 6:00 PM to 9:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour Please join us next Thursday, June 27th. OWASP Houston will be are hosting a happy hour at Stag's Head pub starting at 6PM. I encourage you to come and participate in a discussion on possible OWASP projects that OWASP Houston community can get engaged with. We feel, as a chapter, we should be involved with at least one OWASP project. Please join us discuss how you can participate.

Back to Top

Owasp Houston May Chapter Meeting
When: Thursday, May 16, 2013 6:00 PM to 9:00 PM Where: Sheraton Suites Houston Galleria 2400 West Loop S · Houston, TX

Title: Mini-Con Reserve a ticket on eventbrite for entry https://owasp-houston-may-mini-con.eventbrite.com/ RSVP does not guarantee entry.We will be opening eventbrite shortly We're trying a new venue in the Galleria Area. Please join us in the Galleria area at the Sheraton Suites, 2400 West Loop South.

Speaker: Kevin Johnson "Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA."

Title: Catching Flies with Mr Miyagi: Web Application Testing Techniques "In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications."

Speaker: Terry Ray

Title: WTF, WAF Testing Framework "Presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment."

Sponsors:
 * Alert Logic
 * Barracuda
 * cPanel
 * Imperva

Back to Top

Owasp Houston April Chapter Meeting
When: Thursday, April 18, 2013 6:00 PM to 9:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: This event was originally intended to be a workshop. But, our speaker for this event fell through. We will still have an informal meeting at Stag's Head for some adult beverages on April 18th at 6PM. If you want to have conversations about security topics and upcoming OWASP Houston plans please stop by. Unlike usual, we will not be using the private room. We'll be in the general area. Look for people with laptops and backpacks.

Back to Top

Owasp Houston March Chapter Meeting
When: Thursday, March 14, 2013 6:00 PM to 8:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Happy Hour Please join us 6PM Thursday March 14th at Stag's Head for an OWASP Houston Happy Hour. We will provide beer, food, and conversations with security professionals. The lock picking table will also be present at this event, and we will be giving out prizes for challenge winners. Stag's Head - 6PM Thursday March 14th http://www.stagsheadpub.com 2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alertlogic & Imperva

Back to Top

Owasp Houston February Chapter Meeting
When: Thursday, February 21, 2013 6:00 PM to 9:00 PM Where: The Westin Galleria Houston 5060 West Alabama Street · Houston, TX

Title: Mini-Con Please read these details carefully. RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat please reserve a ticket with eventbrite. https://owasp-feb-mini-con.eventbrite.com Please join us in the Imperial Suite, located on the 24th floor of the Westin Galleria, on Thursday, February 21st at 6PM for the first OWASP Houston conference-style event of 2013. The featured presentation will be delivered by Jason Chan, Cloud Security Architect from Netflix. Jason will be joining us to discuss Netflix approach to application security testing.

Sponsors:
 * Barracuda Networks
 * Imperva
 * Solid Border
 * AlertLogic

Back to Top

Owasp Houston January Chapter Meeting
When: Thursday, January 31, 2013 6:00 PM to 8:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Workshops Join us on Thursday January 31st for an OWASP Houston Workshop. During this workshop attendees will be lead through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for some common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you'd like to participate bring your laptop. You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. If you just want to watch that's fine too. Please join us 6PM Thursday January 31st at Stag's Head. http://www.stagsheadpub.com 2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby

Sponsors: Alertlogic & Imperva

Back to Top

Owasp Houston March Chapter Meeting
When: Monday, November 19, 2012 6:00 PM to 9:00 PM Where: Stag's Head Pub 2128 Portsmouth St · Houston, TX

Title: Kick-off Meeting Thank you for your interest in OWASP Houston! We're planning a Kick-off meeting Monday November 19th to shape our plans for the 2013 year and we are looking for your participation. Please join us for food and drinks(beer) provided by our sponsor while we review aggregated survey results and finalize plans for our 2013 series of OWASP meetings. Please join us 6PM Monday November 19th at Stag's Head. http://www.stagsheadpub.com 2128 Portsmouth St Houston, TX 77098 Neighborhood: Upper Kirby We are looking for additional people that are interested in helping OWASP Houston. So if you want to get involved now is the time. Even though this is not a formal meeting I do expect some bugs will be discovered during the course of the meeting. So if you want to learn something come early.

Back to Top

=Training Days=

Past
=Sponsorship Info=

We are looking for sponnsors
"The houston chapter is currently looking for sponsors to help us host some of the following events. If you would like more information about sponsoring our chapter, please reach out to the chapter leaders."

Event Types

 * Happy Hours
 * Training Days
 * Presentations
 * General Chapter meetings