Los Angeles

LosAngeles

Local News
Upcoming Chapter Meeting

Meeting Location Symantec Corporation 900 Corporate Pointe Culver City, CA 90230 Laguna Conference Room

April 15th, 2009 7:30PM
For a long time, the impact of XSS vulnerabilities has been grossly underestimated. Recent compromises, such as the pro-Hillary defacement of Barack Obama's website demonstrated the impact of XSS vulnerabilities to the masses.
 * Cross Site Scripting, Exploits and Defenses

During this presentation, we demonstrated exactly how effective XSS vulns can be, and showed you what you can do to protect yourself and your sites.

The practicalities of doing live-demos meant that each night we had one demo fail. At Denver it was the live session stealing demo against a production website. In Boulder it was the browser-based botnet.

Nevertheless, we hope that you found the presentations interesting, and the interactive format a welcome change.



Note that alot of the content is hidden in the speakers notes of the presentation, which we need to sanitize a bit to protect to guilty prior to posting. OWASP Colorado chapter leader David Campbell is an infosec veteran, with experience ranging from penetration testing for Fortune 100's to architecting security solutions for large multinational financials to consulting for government agencies. DC is presently head of security engineering for Raytheon Polar Services, and is also on the board of directors of Psiframe Inc., a San Francisco based security consultancy.

May 20th, 2009 7:00PM (note the time change)
The polls are closed, votes are in, and we have the winners making up the Top Ten Web Hacking Techniques of 2008! The competition was fierce with the newest and most innovative web hacking techniques to the test. This session will review the top ten hacks from 2008 - what they indicate about the security of the web, what they mean for businesses, and what might be used against us soon down the road. Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co- founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA, CSI, HiTB, OWASP, ISSA, and a number of large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks. Grossman is often quoted in the the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!
 * Top Ten Web Hacking Techniques of 2008: "What's possible, not probable" 

June 24th, 2009 7:30 PM
Information warfare is the composite use of psychological operations (PYOPS), military deception (MILDEC), operational security (OPSEC), computer network operations (CNO), and electronic warfare (EW) to control and disrupt information flow. Recently, interest in information war technologies, techniques and policy issues have increased, especially in the domain of CNO. Increased scrutiny over network operations is both legitimate and valid, as global commerce and military powers are integrated and dependent on the Internet for critical operations. This presentation will describe the five domains of information warfare, the past use of information warfare in the Gulf war and recent Cyber attacks on the Eastern European countries of Georgia and Estonia. Information will be presented on possible new directions of information warfare. Mikhael Felker, CISSP-ISSEP has worked in a variety of roles including instructor, engineer, and researcher. He is currently employed by The Aerospace Corporation in the Information Assurance Technology Department, supporting Information Assurance (IA) for satellite systems. He is also an Instructor within the Computer & Information Systems Division at UCLA Extension, teaching a course in networking. Actively involved in the Los Angeles security community, he is the Education Director for Los Angeles Chapter of Information Systems Security Association (ISSA), member and speaker of Information Systems Audit and Control Association (ISACA), and former Defense Sector Coordinator for InfraGard. Mikhael has published articles in IEEE Security & Privacy, the ISSA Journal, Information Systems Control Journal, and SecurityFocus. He is a recipient of the Scholarship for Service Program (SFS) Fellowship, sponsored by the National Science Foundation and Department of Homeland Security (DHS). Mikhael completed his graduate work at Carnegie Mellon University with a Master's in Information Security Policy & Management and Bachelor's at UCLA in Computer Science. He holds over 10 certifications in IT and Security.
 * Information Warfare: Past, Present and Future

= Would you like to speak at an OWASP Los Angeles Meeting? = Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email to [mailto:cassio@owasp.com Cassio Goldschmidt]. When accepted it will be required to use the following powerpoint OWASP Template

This page provides a list of previous presentations conducted at the Los Angeles Chapter.

=Los Angeles Chapter Leader=
 * [mailto:cassio@owasp.com Cassio Goldschmidt]