Los Angeles

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission.

Get the following benefits:
 * Meet upwards of 60-90 potential new clients
 * Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
 * Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting
 * Have a table at local chapter meeting
 * Promote your products and services
 * Bring a raffle prize to gather business cards

Contact us for general questions relating to sponsorship and donations

Participation
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.

'''OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY'''

Next OWASP Meeting
**NOTE: Date for this event **

7pm July 23, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230
'''Topic #1: Single, and Secure? Security in Single Page Architecture web applications'''

Recently, I was invited to speak about security to a group of UI developers at Intuit at its internal conference called Front End Engineering. It is a group of engineers who -- for all justifiable reasons -- do not have to or just do not worry about security when writing software. This status quo has changed with the emergence of the full stack developer, a developer who writes both UI on the front end and business logic on the back end, usually using the same language of choice, JavaScript.

In this talk, I will talk about security issues that full stack developers need to worry about when designing and writing SPA applications, and share my experience about how security concepts are perceived by talented UI designers and front end engineers.

'''Speaker: Tin Zaw'''

Tin Zaw is a former president and current board member of OWASP Los Angeles chapter. During the day, he works as a software security leader at Intuit. He is an alumnus of University of Southern California.

---

'''Topic #2: Aviator Secure Browser Presentation and Demo'''

The tradeoffs required to make a secure browser are often largely poorly understood even amongst the best of security people. It makes sense since so few people actually work on browsers. There is little knowledge about what it requires to make a browser safe enough to use when viewing hostile websites - against all known adversaries. In this presentation we will cover how browsers are critically insecure, how they can be made to be secure, and what consumers forfeit in order to gain that extra level of security. Lastly, the presentation will cover how to think about tradeoffs and what customers can live without.

'''Speaker: Nick Schilbe, Director, Solutions Architecture, WhiteHat Security'''

Nick Schilbe is currently the Sr. Director of Solutions Architecture at WhiteHat Security. Nick began his career at WhiteHat as a security engineer who verified vulnerability data, managed services for his customers, and provided manual penetration testing on over 500 web applications. He eventually became the Manager of the Threat Research Center where he developed, refined, and implemented new processes and workflows for the WhiteHat Sentinel family of website risk management solutions. His WhiteHat Security Engineering team provided service to more than 6000 web applications – primarily production e-commerce, financial services, and healthcare websites, including those owned by many Fortune 500 companies. Afterwards he created the Research & Development division which focused on improving the Sentinel testing methodology, researching new types of attack techniques, responding to zero day issues, and making the overall assessment process more efficient.

Would you like to speak at an OWASP Los Angeles Meeting?
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:richard.greenberg@owasp.org Richard Greenberg] OR [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz]. The talk must be vendor neutral and its content must be available under the Creative Commons 3.0 license.

Upcoming OWASP Meetings
Opening Topic: Bypassing SOP (same origin policy)

The talk is more or less a higher-level perspective on SOP bypass. He'll discuss a few different attacks (in detail) and the ecosystem of the browser in relation to SOP and the attack surface.

Speaker: JP Schwieterman

Born in the flat lands of the mid-west, JP ended up traveling and living in a few different places in Europe. After graduating high school he spent his formative 20’s working with Paramount, Nickelodeon, Warner Brothers, ABC, etc… Some time while leaving the entertainment industry, at the behest of his then girlfriend, he bought a computer. Soon after that, a choice was eventually given to him… girlfriend or computer. He purchased his 9th computer last month and is headlong into researching the wide world of application and network security and loving every minute of it!
 * Aug 27, 2014 OWASP meeting

Main Topic: Securing Complex Forms

Speaker: Jim Manico

The heart of how users interact with a web application is the HTML form submission. A great deal of very sensitive data flows over HTML forms. Securing web form submissions is critical for the construction of a secure web application. Multi-form workflows make securing form submissions even more complicated! This presentation will take you on a journey as untrusted data flows from a form submission into the many layers of a secure web application.

 * Review some of the basic threats against web forms
 * Learn some of the most important defense categories for building secure web forms
 * Discuss some of the more complex aspects to form construction, such as workflow

Topic: Securing the SDLC in the real world

Speaker: Jim Manico

The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those forces are consultants charging high rates to help you deeply modify what you are doing today. This talk will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat. You need to look ahead and make small changes to steer effectively.
 * Sept 17, 2014 Joint OWASP and ISSA Dinner meeting

Jim Manico is an author and educator of developer security awareness trainings. He is also a frequent speaker on secure software practices and is a member of the JavaOne "rockstar hall of fame". He has a 17 year history building software as a developer and architect. Jim is also one of the members of the Global Board of Directors for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. Jim is currently working on a book with McGraw-Hill and Oracle-Press on Java Security. For more information, see http://www.linkedin.com/in/jmanico.

Other Events

 *  ISSA-LA Monthly Lunch Meeting at Taix French Restaurant - Wednesday July 16th 2014 11:30am - 1:45pm 

Archives of Previous Meetings
2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive

Los Angeles Chapter

 * [mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President
 * [mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
 * [mailto:edward@owasp.org Edward Bonver] -- Board Member
 * [mailto:mike.francis@owasp.org Mike Francis] -- Board Member
 * [mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member
 * [mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member
 * [mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member

Volunteers: Yev Avidon and Mikhael Felker

OWASP Wiki: [mailto:mike.francis@owasp.org Mike Francis]

The Los Angeles chapter was founded by Cassio Goldschmidt.

The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos