South Florida

Miami Ft Lauderdale

Local News
Note To CISSP &amp; CISA Holders: OWASP Meetings can count towards CPE Credits.

Be sure to hook up with us on the social network of your choice to recieve updates on our events!

Facebook

Twitter

LinkedIn

'''Wed. December 1, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 3032/3034 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm Attacking web applications via XSS with BEeF and Metasploit Join us as Rod Soto presents a method of gaining administrative access to a domain controller through the exploitation of a DOM XSS vulnerability in a web application. The talk serves to demonstrate the risks that are posed through client side exploitation. Bio: Rod Soto is a vulnerability analyst and local security researcher. He is also a consultant to businesses around the globe regarding enterprise security matters. '''Wed. October 6, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm Abstract: Improving application security with ESAPI Swingset The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organisations about the consequences of the most important web application security weaknesses. ESAPI is Enterprise security API's for remediation of OWASP Top 10 vulnerabilities. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI libraries. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI libraries and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities. Bio: Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at Symantec Security Response European Headquarters analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. <br As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

'''Wed. August 25, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is entitled "PCI Fundamentals" The talk will discuss the PCI compliance process, requirements, and implementations for everything from networks to web applications. The talk will be presented by Ivan Moskowitz.

Presenter Bios:

Ivan Moskowitz is a local security researcher and compliance auditor at a Fortune 100 firm.

'''Wed. July 28, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is entitled "Citrix Vulnerabilities." The talk will discuss the architecture of a Citrix server, as well as the vulnerabilities that exist within various configuration settings. The talk will be presented by Adam Cazzolla and Dickson Kwong.

Presenter Bios:

Adam Cazzolla and Dickson Kwong are local security researchers and web application vulnerability analysts at a Fortune 20 firm.

'''Wed. June 23, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is "Defensive Web Application Development" and "Modern Digital Crime Tools and Techniques"

This next OWASP meeting will feature two talks that are scheduled to be presented at the upcoming 2600 Hackers On Planet Earth conference (http://www.hope.net) in New York City. We will be featuring a sneak-peek preview of these talks on June 23, 2010 at the Nova campus.

"Defensive Web Application Development" by Pete Greko and Fabian Rothschild

This talk will examine various methods of code obfuscation for web application development. The goal is to make the tracking of covertly logged data too difficult for the average attacker to bother with.

"Modern Digital Crime Tools and Techniques" by Alexander Heid

This talk will examine the latest developments of tools and trends within the world of digital crimes. The talk will go over updates, developments, and plugins of new Zeus trojan variants, and will also examine new versions of various exploit kits used to distruibute malicious payloads. An overview of the digital crime lifecycle will be discussed as well.

Presenter Bios:

Pete Greko - is a local security researcher and board member of HackMiami. Greko is employed within the financial industry as a web application vulnerability analyst.

Alexander Heid - is a local security researcher and board member of Hackmiami and co-chair of South Florida OWASP. Heid is also employed within the financial industry as a web application vulnerability analyst.

Fabian Rothschild - is a local security researcher and member of HackMiami. Rothschild is employed as an security consultant for various clients around South Florida.

'''Wed. May 26, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 3032/3034 located on the 3rd floor, Eastside of the Carl DeSantis Building 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is "PCI Compliance Fundamentals" by Georgios Mortakis of Enterprise Risk Management, Inc.

The presentation will go over application development to ensure PCI compliance, specifically developing applications to defeat the use of magnetic stripe skimmers. There will be live demonstrations taking place with a magnetic stripe skimmer showing ways to defeat the interception of important data.

Presenter Bio:

Georgios Mortakis (CISSP, CISA, QSA) is a Director of Information Systems Security with Enterprise Risk Management, Inc. Enterprise Risk Management, Inc, found in Miami FL in 1998, offers a wide variety of information security and information systems audit services to local, national (Fortune 500) and international businesses. [[Media:South_Florida_OWASP_May_2010_Card_Skimming_Demo.pdf]]

'''Wed. April 28th, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Room 3049/3051 located on the 3rd floor, Eastside of the Carl DeSantis Building 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is "Cisco ACE Web Application Firewall Use Cases" by Rob Kinnion and Vikas Deolaliker.

The presentation will give a overview of the WAF market and the real world deployments and customer concerns which will help OWASP evolve the WAF as a product category. This event will also be available during a live WebEx feed. Details are below.

Presenter Bios:

Rob Kinnon has been a Systems Engineer for 10-years at Cisco. He has held the coveted CCIE many years before most people even heard of it. He is one of the most highly respected and formidable Cisco Security engineers within the region. Rob specializes in Cisco Security Architecture in NAC, Intrusion Prevention, Security Monitoring, and Log Correlation just to name a few. Rob has helped countless organizations protect and secure their networks.

Vikas Deolaliker is a Product Manager in DCASBU at Cisco for Cisco WAF. He has helped define and product manage a broad spectrum of products for the datacenter including: SOA Appliances, SAN Director Class Switches, Grid Computing Middleware, Java Enterprise Software. WebEx Live Session Information:

Meeting Number: 201 076 756

Meeting Password: Cisco

To start this meeting

1. Go to https://cisco.webex.com/cisco/j.php?S=201076756

2. Log in to your account.

3. Click "Start Now".

4. Follow the instructions that appear on your screen.

ALERT:Toll-Free Dial Restrictions for (408) and (919) Area Codes

The affected toll free numbers are: (866) 432-9903 for the San Jose/Milpitas area and (866) 349-3520 for the RTP area.

Please dial the local access number for your area from the list below:

- San Jose/Milpitas (408) area:  525-6800 - RTP (919) area:  392-3330

To join the teleconference only

1. Dial into Cisco WebEx (view all Global Access Numbers at

http://cisco.com/en/US/about/doing_business/conferencing/index.html

2. Follow the prompts to enter the Meeting Number (listed above) or Access Code followed by the # sign.

San Jose, CA: +1.408.525.6800 RTP: +1.919.392.3330

US/Canada: +1.866.432.9903 United Kingdom: +44.20.8824.0117

India: +91.80.4350.1111 Germany: +49.619.6773.9002

Japan: +81.3.5763.9394 China: +86.10.8515.5666

http://www.webex.com

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, do not join the session.

'''Wed. March 31st, 2010 - 6pm - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Knight Lecture Hall - Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) 6pm This meeting's presentation is "Adon't be an Adobe victim: An overview of how recent Adobe-related flaws affect your web application" by Josh Stabiner.

The talk will examine the threats posed by PDF and Flash vulnerabilities to web applications and their users, and will examine ways to mitigate the potential threats to your organization.

Presenter Bio:

Josh Stabiner is a manager in Ernst &amp; Young's Advanced Security Center specializing in attack and penetration advisory services. He manages and executes assessments of web applications, external, internal and wireless networks, as well as physical security and social engineering. [[Media:South_Florida_OWASP_Adobe_ASC_Demo.pdf]] '''Wed. Jan 27th, 2010 - 6pm- South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus Knight Lecture Hall, Room 1124 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) This meeting's presentation is "Zeus &amp; You: Analysis of the underground's most popular trojan" by Alexander Heid and Fabian Rothschild. [[Media:OWASP_miami_Zeus_and_You_01-2010.pdf]] '''Wed. Oct. 7th, 2009 6PM - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus 2nd Floor - Room 2071 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) This meeting's presentation is by Gary Bahadur and will be based on the presentation he is giving at Hacker Halted on the topic of Supplier Risk Management with more of a web focus.

'''Thu. Aug 20th, 2009 3:30PM - South Florida OWASP Meeting'''

Facility Location: NOVA SOUTHEASTERN UNIVERSITY Carl DeSantis Building, Main Davie Campus 1st Floor - Room 1048/1049 3301 College Ave Fort Lauderdale, FL 33314-7796 Phone: 800-541-NOVA (6682) This meeting's presentation is "Security in .NET Applications &amp; Integrating Security in the Software Development Lifecycle" by Jon Arce. This is a joint meeting that has been arranged graciously by the local ISSA chapter (www.sfissa.org). [[Media:OWASP_miami_Integrating_Security_in_App_Dev_v1_1-2009_08.pptx]] [[Media:OWASP_miami_App_Security_Using_dotNET_Framework_v1_0-2009_08.pptx]]

'''Tue. June 30th, 2009 6:00PM - South Florida OWASP Meeting'''

Facility Location: Mission Critical Systems, Inc. 1347 East Sample Road, Suite 3 Pompano Beach, Fl 33064 Phone: (954) 788-7110 This meeting's presentation is "Risk Rating Models for Vulnerabilities" by Rishikesh Pande. [[Media:OWASP_miami_Risk_Modeling_v2-2009_06.pdf]]

'''Fri. April 3rd, 2009 6:00PM - South Florida OWASP Meeting'''

Facility Location: Immunity, Inc. 1247 Alton Road Miami Beach, FL 33139 Phone: (212) 534-0857 This meeting's presentation is "Memory Corruption and Buffer Overflows" by Dave Aitel. Dave presented on this topic during the OWASP NYC AppSec 2008 Conference. The presentation will also include some web application content based on Immunity's recent project experiences. [[Media:OWASP_miami_Corruption-2009_04.pdf]]

'''Wed. February 4th, 2009 5:00PM - South Florida OWASP Meeting'''

Facility Location: Mission Critical Systems, Inc. 1347 East Sample Road, Suite 3 Pompano Beach, Fl 33064 Phone: (954) 788-7110 This meeting's presentation is "An Architect's view of Application Security" by Rick Carlin. [[Media:OWASP_miami_Architect%E2%80%99s_View_of_Application_Security-2009_02.ppt]]

'''Wed. December 3rd, 2008 5:00PM - South Florida OWASP Meeting'''

Facility Location: Mission Critical Systems, Inc. 1347 East Sample Road, Suite 3 Pompano Beach, Fl 33064 Phone: (954) 788-7110 This meeting's presentation is a live web hacking demo by Dan Carcone.