Hartford


Sponsors
We would like to thank Ounce Labs, Finjan, Forrester Research, Oracle, The 451 Group, IronKey, The Hartford and Microsoft for their generous sponsorship and for helping make application security visible...

If you would like to sponsor food and/or door prizes for an upcoming meeting, please email [mailto:owasp@jamesmcgovern.com James McGovern] with your proposal. Independent of any financial considerations, sponsorship priority goes to those who promote participation in OWASP among their employees and customers.


November 11th 2008
Food and Beverages for this event are sponsored by: Voltage Security

OPENING REMARKS: 5:00 - 5:15 PM James McGovern, OWASP Hartford Chapter Leader

PRIVACY CONSIDERATIONS FOR WEBSITES: 5:15 - 6:00 PM Matthew Barach, Boston Privacy Group

LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM Richard Eisenberg, Architect at Voltage Security

Matthew Barach, ESQ

Expert in information privacy, including the concepts and applications of U.S. and international privacy laws and information management practices, as well as the privacy implications of emerging technologies. Expertise in HIPAA, COPPA, GLBA, APEC principles, OECD guidelines, EU Directive, employee records management, workplace monitoring, contingency planning, incident handling, PII, Web forms, cookie files, spyware, spam and other key information privacy items. Matthew is Internet and Information Privacy Counsel at the New York Consumer Protection Board.

Richard Eisenberg

Richard has over 18 years of experience working in and around financial services firms, having been a consultant, programmer, program manager and global IT manager at firms such as Goldman Sachs and UBS. Eisenberg is now leveraging his business experience by helping organizations solve major security issues using Voltage Security, Inc.'s solutions. Richard now serves as a Regional Manager focusing on Financial Services in the Northeast.

Identity-Based Encryption

Identity-Based Encryption (IBE) is a new type of public key encryption that can use identities such as device identifiers as public keys. IBE was originally proposed in 1984, but practical implementations became available only recently. IBE allows secure protocols to be built with minimum overhead, while at the same time being highly scalable and easy to implement. In this session, an overview of the technology, current standardization through IEEE and possible applications will be presented.

February 10th 2009
Food and Beverages for this event are sponsored by: Sun Microsystems

OPENING REMARKS: 5:00 - 5:15 PM James McGovern, OWASP Hartford Chapter Leader

OPEN SOURCE IDENTITY SERVICES (The Higgins Project): 5:15 - 6:00 PM Mary Ruddy, Meristic

Core Security Patterns: 6:00 - 7:00 PM Ramesh Nagappan, Security Architect at Sun Microsystems

Mary Ruddy

Mary is the founder of Meristic. Mary founded and co-leads the Higgins open source identity framework project, is a founding Board Member of the Information Card Foundation and Chief Steward of Identity Commons. he MIT Sloan School of Management.

Open Source Identity Services

The Higgins Project is developing an extensible, platform-independent, identity protocol-independent, software framework to support existing and new applications. Its goal is to improve interoperability, privacy, and security as well as empower users with more control over their personal information.

This presentation demoed interoperability between Microsoft's CardSpace and Liberty-based products, all in an Open Source environment.

Ramesh Nagappan

Ramesh Nagappan is a Java Technology Architect at Sun Microsystems. With extensive industry experience, he specializes in Java distributed computing and security architectures for mission-critical applications. Previously he coauthored three best-selling books on J2EE, EAI, and Web Services. He is an active contributor to open source applications and industry-standard initiatives, and frequently speaks at industry conferences related to Java, XML, and Security.

Core Security Patterns

Core Security Patterns describe how to build robust end-to-end security into enterprise applications, web services, identity management systems and service provisioning systems. The primary focus of this presentation is to introduce a security design methodology using a proven set of reusable design patterns, best practices, reality checks, defensive strategies and assessment checklists that can be applied to enterprise applications.

March 9th 2009
Food and Beverages for this event are sponsored by: The RSA division of EMC

OPENING REMARKS: 5:00 - 5:15 PM James McGovern, OWASP Hartford Chapter Leader

RECRUITING ELITE IT TALENT: 5:15 - 6:00 PM Jordan Haberfield (Agile Elephant), SVP of System One

CASE STUDY: Rolling out a secure SDLC in a large enterprise: 6:00 - 7:00 PM Nehrav Mehta, Security Architect at EMC

JORDAN HABERFIELD

System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.

System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.

OWASP AppSec Executive Summit (May 2009)
Please visit our sponsors session if you are interested in having a booth at this event.

FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 1:00 - 1:45 PM Mary Ann Davidson, CISO of Oracle

OFFSHORING APPLICATION DEVELOPMENT: SECURITY IS STILL YOUR PROBLEM: 1:45 - 2:30 PM Rohyt Belani, Intrepidus Group

THE STATE OF SOFTWARE DEVELOPMENT: 2:45 - 3:30 PM Grady Booch, Fellow at IBM

INTO THE BREACH: A WAKEUP CALL FOR CORPORATE AMERICA: 3:30 - 4:15 PM Michael Santarcangelo, Chief Security Catalyst at Security Catalyst

MARY ANN DAVIDSON

Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle product security, as well as security evaluations, assessments and incident handling. She represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC).

ROHYT BELANI

Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group. Prior to founding the Intrepidus Group, Rohyt started and ran Mandiant’s New York City operations. During the last 7 years, he has worked at premier information security organizations like Foundstone and the US-CERT. Rohyt is a regular speaker at various industry conferences, including Black Hat, OWASP, Hack-In-The-Box, InfoSec World, and several forums catering to the FBI and US Secret Service agents. He currently teaches a class at Carnegie Mellon University, and has been invited to guest lecture at the University of Wisconsin on the topic of information security.

GRADY BOOCH

Grady Booch is recognized internationally for his innovative work on software architecture, modeling, and software engineering process. His work has improved the effectiveness of software developers worldwide. He has been with Rational Software Corporation as Chief Scientist since its founding in 1980. Grady is one of the original developers of the Unified Modeling Language (UML) and was also one of the original developers of several of Rational's products including Rational Rose. Grady has served as architect and architectural mentor for numerous complex software systems around the world.

MICHAEL SANTARCANGELO

Michael Santarcangelo is a human catalyst*. An expert who speaks on information protection – including compliance, privacy and awareness – Michael energizes and inspires his audiences to change the way they protect information.

Michael is known for delivering simple and effective strategies that get results. He connects with audiences in a way that makes security relevant, easy to understand and achievable! With wit and clarity, he freely shares unique insights, innovative approaches and effective solutions that are informed by both experience and research.

UPCOMING 2009 EVENTS

April 2009 IBM - Rational (Static Analysis)

June 2009 Kent Browne of IBM, Gerald Beuchelt of Sun

September 2009

FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 3:30 - 4:15 PM Rohit Sethi, Security Compass

ROHIT SETHI

Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.

At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare.

He is often consulted for his dual expertise in information security and software engineering.

WEB CONFERENCING INFORMATION
We are pleased to present all OWASP meetings via conference call. To listen, the dial-in number is 1-218-936-4700 (Passcode 606183). The conference line has a limited number of caller slots, so please be considerate of others and share whenever possible.

Call for Speakers
This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.

OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.

Some topics of interest for upcoming meetings include (but are not limited to):
 * Breaking CAPTCHA
 * Hacking Cardspace and Identity 2.0
 * Breaking Commercial Software for Fun and Profit
 * Tactics for breaking software licensing schemes
 * Gaming, the next overlooked security hole
 * Hacking Mainframes
 * Database rootkits

Past Events
Agenda: Wednesday, September 24th 2008

TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM Paul Roberts, Industry Analyst, The 451 Group Powerpoint presentation is located here

MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM Andrew Stone, Senior Manager, Accenture Powerpoint presentation is located here

Agenda: Wednesday, June 11th 2008

CARDSPACE AND USER CENTRIC IDENTITY Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK Prateek Mishra, Product Manager, Oracle Powerpoint Presentation is here

Agenda: Wednesday, April 30th 2008

THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008

HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY Chenxi Wang, Principal Analyst, Forrester Research

EXPLOITING ONLINE GAMES Gary McGraw, CTO, Cigital

Locations
All meetings are held at the headquarters of The Hartford Financial Services Group (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.