Los Angeles

LosAngeles

Local News
Upcoming Chapter Meetings

Meeting Location Symantec Corporation 900 Corporate Pointe Culver City, CA 90230 Laguna Conference Room

Wednesday, October 21th, 2009 7:30PM
Growing threats and complex regulatory requirements emphasize the need for an effective Information Security Management System (ISMS) framework for an organization. Comprehensive and globally accepted standards like ISO27001 can help in protecting information assets and in enabling compliance requirements. ISO27001 provides an Information Security framework based on best practices and controls to ensure the confidentiality, integrity and availability of information assets. This presentation analyzes the possible synergies between the goals of Information Security Management System (ISMS) and the various compliance requirements, thus making the compliance efforts less complex. Following are the key objectives of this presentation : Attendees will learn about ISO27001 Information Security Standard, ISMS implementation approach and how ISO27001 can be used in meeting various regulatory/compliance requirements like Sox, PCI etc. It will also help the attendees to improve the information security posture of the organization and provide an effective and efficient approach for handling various information security/compliance audits with less effort.
 * Enabling Compliance Requirements using Information Security Management System (ISMS) Framework (ISO27001)
 * Provide an introduction to ISO27001 and its controls
 * Discuss the implementation approach for an Information Security Management System (ISMS) framework
 * Familiarize the audience with some common challenges in implementation
 * Outline synergy between ISO27001 controls and some compliance requirements( PCI, etc)

Shankar Subramaniyan has over 11 years of experience as a technology consulting and project management executive in the areas of IT Governance, Risk and Compliance (GRC), Business Continuity Planning and Network Design & Architecture. He has thorough expertise on setting up Information Security Framework and Policies on the basis of industry standards such as ISO 27001. He has worked extensively on industry standards and best practices like BS7799 and ITIL. He also has good understanding and knowledge of various compliance requirements like PCI, Sox etc. Shankar' s experience includes IT audit, SOX remediation, ISMS (ISO27001) implementation, PCI compliance assessment, disaster recovery solution, enterprise risk management, designing IT security architecture and implementing ITIL processes. Shankar has rich experience in handling large projects and managing client relationships across corporate and educational sectors.

Wednesday, November 18th, 2009 7:30PM
Please check this page later.
 * TBA with Brian Chess, Fortify Founder and Chief Scientist

Brian Chess is a founder of Fortify Software and serves as Fortify's Chief Scientist, where his work focuses on practical methods for creating secure systems. His book, Secure Programming with Static Analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian holds a Ph.D. in computer engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service.

Wednesday, December 16th, 2009 7:30PM
As the line between desktop and web applications becomes increasingly blurry in a web 2.0 world, browser functionality is being pushed well beyond what it was originally intended for. Persistent client side storage has become a requirement for web applications if they are to be available both online and off. This need is being filled by a variety of technologies such as Gears (formerly Google Gears) and the Database Storage  functionality included in the emerging HTML 5   specification. While all such technologies offer great promise, it is clear that the vast majority of developers simply do not understand their security implications.
 * Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications

Researching a variety of currently deployed implementations of these technologies has revealed a broad scope of vulnerabilities with frightening implications. Now attackers can target victims not just once, but every time they visit a site as the victim now carries and stores the attack with them. Imagine a scenario whereby updated confidential information is forwarded to an attacker every time a victim interacts with a given web application. The attacker no longer needs to worry about timing their attacks to ensure that the victim is authenticated as the victim attacks himself! Limited storage? Cookies that expire? Not a problem when entire databases are accessible with virtually unlimited storage and an infinite lifespan. Think these attacks are theoretical? Think again. In this talk we dive into these technologies and break down the risk posed by them when not properly understood. We will then detail a variety of real-world vulnerabilities that have been uncovered, including a new class of cross-site scripting and client-side SQL injection.

Michael Sutton,Vice President and security research at Zscaler, has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers and educating others on a variety of security topics. As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Zscaler Labs is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.

Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles and is the co-author of Fuzzing: Brute Force Vulnerability Discovery, an Addison-Wesley publication.

= Would you like to speak at an OWASP Los Angeles Meeting? = Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email to [mailto:cassio@owasp.org Cassio Goldschmidt]. When accepted it will be required to use the following powerpoint OWASP Template

This page provides a list of previous presentations conducted at the Los Angeles Chapter.

=Los Angeles Chapter Leader=
 * [mailto:cassio@owasp.org Cassio Goldschmidt]