Rochester


Welcome to the OWASP Rochester Local Chapter
Welcome to the local Rochester chapter homepage. The chapter leader is [mailto:rd@rd1.net Ralph Durkee].


Participation
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP, please review the Chapter Rules.

The Rochester chapter has two mailing lists: one for announcements and one for general discussion. The announce list is for official communications (e.g., meeting announcements, web site updates, etc.). The discussion list is for general participation, and everyone is encouraged to post. The announce mailing list can be found here. The discussion mailing list can be found here. You can also review the announce and discussion e-mail archives to see what folks have been talking about. Please make sure you are subscribed to announce to receive any last-minute meeting info.

Local Officers
 * President: [mailto:rd@rd1.net Ralph Durkee]
 * Vice President: [mailto:andrea.cogliati@owasp.org Andrea Cogliati]
 * Treasurer: [mailto:andrea.cogliati@owasp.org Andrea Cogliati]
 * Secretary: Appointed by Event Coordinator at each meeting.
 * Event Coordinator: [mailto:andrea.cogliati@owasp.org Andrea Cogliati]
 * Communications and Chapter OWASP Evangelist: [mailto:lou.leone@owasp.org Lou Leone]
 * Webmaster: [mailto:duane.peifer@uberguard.com Duane Peifer]
 * Mail List Administrator: [mailto:duane.peifer@uberguard.com Duane Peifer]

Meeting Dates & Location
Dates: The third Monday of every month, starting at 6:00 PM.

Types of events: Formal meeting (featuring a presentation) in odd-numbered months; informal event (open forum with beer and wings) in even-numbered months.

Locations:

 * Formal meetings at 1225 Jefferson Rd, Rochester, NY 14623 (near I-390) Google Maps
 * Beer and wings at Mac Gregor's Grill & Tap Room, 300 Jefferson Rd, NY 14623 Google Maps

Formal meeting space is graciously offered by Bryant & Stratton College. Enter the Frontier Commons plaza, near the Post Office. Towards the right rear of the plaza is the PSC (Professional Skills Center) door, which is to the left of the main Bryant & Stratton entrance door. There will be a sign on the door indicating the room in which we will meet.

Please note that for informal meetings at Mac Gregor's, everybody needs to pay for their own food and drinks.

November Meeting - Expert Panel Discussion

On November 16th at 6pm, the Rochester OWASP Chapter will be holding a panel discussion on Web Application Security with local security managers and professionals. The panel will be hosted by Mykonos at 220 Kenneth Dr, Rochester, NY (entrance from Leigh Station Rd or W Henrietta Rd), near 390 and Leigh Station Road. Food and refreshments will be provided courtesy of Mykonos.

Please RSVP to  for headcount no later than Friday, November 13th. Please also feel free to submit questions for the panelists to the discussion mailing list. The panelists will also take questions from the audience.

Panelists

Kyle Adams: As architect and lead developer for Mykonos, Kyle Adams has final responsibility for code quality and technical excellence. Kyle is an undergraduate at the Rochester Institute of Technology, earning a Bachelor's degree in Computer Science with a minor in Criminal Justice. He wrote his first password protection software at age 10, started hacking incessantly, and was writing his own encryption software by age 14. An AJAX expert and enthusiast, Kyle has worked on scores of web application projects as a freelancer and entrepreneur. At BlueTie, Kyle re-wrote the application framework that drives their SaaS-based email and collaboration platform. That framework was the beginning of Mykonos.

Howard Brill: Howard Brill is the Director of Health Informatics at the Monroe Plan for Medical Care, an IPA focused on Medicaid and Public Programs in Western New York. In 2008, the Monroe Plan’s program was rated the third best Managed Care Medicaid Plan by NCQA. The Health Informatics Department at the Monroe Plan develops information systems and supports the evaluation of clinical programs. Dr. Brill was the Senior Director of Physician Management Systems at HCIA, a major health informatics company, where he was responsible for the development of physician profiling software. He has publications in medical sociology, statistical methodology, labor market studies, and immigration law research. Dr. Brill has made several presentations on predictive modeling at national conferences. He is a member of the IEEE Computer Society, AcademyHealth, and the Health Information and Management Systems Society. He chairs the Rochester chapter of the IEEE Computer Society. Dr. Brill received his Bachelor of Science degree in Microbiology from Cornell University, Ithaca, New York in 1981. He received his Doctor of Philosophy degree in Sociology from Binghamton University in 1994.

Dwayne Foley: Dwayne is currently employed at XEROX Corporation in the Information Risk Management Group as a Senior Security Analyst. He is currently focused on security strategy and forward-thinking projects that will help Xerox improve and maintain the proper security posture while enabling and embracing new technologies and services. Other current and past security-related activities include: security reviews, firewall rules, router configuration reviews, perimeter services audit and review, system security checklist updates, input on policy updates, onsite vendor audits, network and database discovery, vulnerability and remediation scans, and SME (subject matter expert) support for SOX and PCI compliance. Dwayne has over 25 years in the IT industry with 15 years of security focus. He worked for LPA/Xelus, a Rochester-based software development firm, for 15 years in a number of capacities: Senior Systems Engineer, Security Manager, Information Technology Manager and Technical Consultant. Activities included managing, building and securing systems for enterprise-level applications for development, test, QA and production. Dwayne worked closely with developers to influence product direction related to security and network performance through several technology refreshes. Dwayne also spent a number of years traveling, consulting and implementing enterprise solutions for many of Xelus's Fortune 500 customers. Dwayne currently holds four security certifications: CISM, CISSP, GIAC GSEC, and GIAC GCFW.

Jeff Lambert: As BlueTie's Chief Technology Officer, Jeffrey Lambert is responsible for the Systems and Network Administration groups at BlueTie, as well as managing Quality Assurance and BlueTie's corporate IT computing infrastructure including the build out, maintenance and operations of BlueTie's data centers. Mr. Lambert joined BlueTie as its first employee in March 1999 after working with Mr. Koretz at his previous company, Network Marketing International. The Systems and Network Administration groups are responsible for maintaining all of BlueTie's IT environments as well as improving the performance, scalability and reliability of BlueTie's suite of applications.

Jim McConeghy: Jim McConeghy is an experienced leader with solid financial, operational, process and information systems skills. He has gained his strategic and tactical experience through: Controllership roles in both Fortune 500 and midsize firms; Operational assignments in credit & collections, customer & consumer service, distribution, inventory management, product development, and new business development; Audit experience in both Public Accounting and domestic and international Internal Audit roles at Fortune 500 companies; Project leadership and implementation in a consulting practice including: Business process improvement projects, Product line profitability studies, Accounting Restatements, Sarbanes Oxley Design and Implementation. With over 25 years' experience in driving results through business process reengineering, performance measurement, change implementation, and information systems, Jim has a proven track record in implementing positive change. He has been a hands-on leader for many financial and operational performance improvement teams and has been a key contributor in information systems conversion and enhancement projects. Jim's strong analytical and communication skills are key assets when driving profit improvement change through and across organizations. He has extensive experience in all aspects of manufacturing, distribution, marketing, finance, project management, and information systems in both small organizations and Fortune 500 multinationals. He has worked extensively as a corporate senior financial manager for the past decade. In 2004, Jim founded Signet Management, LLC, a consulting firm focused on business success through the use of financial tools, information system enhancements, and quality processes for midsize to large organizations. His management skills in an entrepreneurial enterprise like Signet are evident to clients and partners alike. Jim is a Certified Public Accountant. He received his MBA in finance and accounting from the William E. Simon Graduate School of Business Administration at the University of Rochester, Rochester, New York, and his BBA in accounting from Niagara University, Niagara Falls, New York. He is a leader in the Rochester Chapter of Financial Executives International, and a member of both the American Institute of Certified Public Accountants and the Turnaround Management Association.

Duane Peifer: Duane is CTO at UberGuard Information Security, LLC, in Avon, NY, where he provides UberGuard's customers with technical consulting and web site security assessments and penetration tests. He holds a B.S. in Computer Science from Rochester Institute of Technology and has 15 years of Systems Engineering and Project Management experience. Duane is also the co-owner of UberScan, LLC, a startup software development company.

Past Events

 * Oct 29-30 2008 - Rochester Security Summit 2008

 * The Rochester OWASP chapter, in partnership with other Rochester institutions, is organizing the third annual Rochester Security Summit Oct 29-30 during National Cyber Security Awareness Month. This year we'll have a full day dedicated to application security, and we are working to bring to Rochester the best nationally acclaimed speakers.

Visit Rochester Security Summit Site for details.

Past Presentations
October Hackerfest 2009 Introduction to OWASP Rochester by Ralph Durkee, Lou Leone [[Media:Intro_to_OWASP_Rochester_v9.ppt|PPT]]

September OWASP 2009 Securing Apache Web Servers with Mod Security & CIS Benchmark by Ralph Durkee [[Media:Durkee_Apache_2009_v7.ppt|PPT]] [[Media:Durkee_Apache_2009_v7.odp|Open Office]]

May OWASP 2009 Key Management - One Perspective by Lou Leone [[Media:N-tierKeyManagementIssues.ppt|PPT]]

May IEEE 2009 Introduction to OWASP, presented by Ralph Durkee and Andrea Cogliati [[Media:Intro_to_OWASP_Rochester_v5.ppt|PPT]]

January 2009 Paranoid Programming Practices, by Lou Leone and Aaron Witt [[Media:ParanoidProgrammers.ppt|PPT]]

May 2008 Database Encryption, by Ralph Durkee [[Media:Database_Encryption.ppt|PPT]]

January 2008 SQL Injection and Dynamic SQL, by Andrea Cogliati [[Media:MoreSQL.zip|ZIP]]

September 2007 2007 OWASP Top 10 Most Critical Web Application Security Vulnerabilities, by Ralph Durkee [[Media:OWASP_Top_10_2007_v6.ppt|PowerPoint]]

October 2006 The first of the OWASP top ten: unvalidated input, by Steve Buck. PowerPoint

April 2006 PGP: Encryption for e-mail and web applications, by Ralph Durkee PDF

February 2006 Identity Theft, Phishing and Pharming, by Danny Allan PDF

February 2006 Secure e-mail, by Thomas Bullinger PDF

January 2006 PCI Compliance, by Pat Massey, Ralph Durkee, Maureen Baran PDF

September 2005 Two-Factor Authentication for Java Applications with Client Certificates, by Ralph Durkee PDF Open Office

April 2005 Avoiding Backend Exploitation of Mail Forms, by Max Kessler PowerPoint Open Office

March 2005 Bringing Two-Factor Authentication to Web Applications, by Michael Starks PowerPoint Open Office

February 2005 Insecure Storage, by Chris Karr PowerPoint

January 2005 Access Control and Session Mgmnt, by Steve Buck PowerPoint Open Office

November 2004 Intro to OWASP, by Ralph Durkee. Demonstration of SQL Injection attack and prevention, by Paul Cupo PowerPoint