Atlanta Georgia

Local News
2009 was a great year aimed at re-generating some interest for the OWASP movement. We hope to build on this in 2010 and need some help in doing so. If you have some extra cycles and would like to submit a proposal for speaking or hosting a workshop, please don't hesitate to contact us (see Chapter Leads tab below). This year, we hope to see some new faces and would like to get the year started by talking about the new OWASP Top Ten and how to apply them within your application development, testing, or assessment efforts.

On behalf of the chapter, I would like to solicit your financial support of chapter via a tax deductible membership for a great non-profit organization which aims to elevate web application security. Please note that other chapters have the luxury to charge their members for attending some of their meetings. We hope that you find historical and future meetings to be of value and show support via a member based contribution. To contribute to OWASP-Atlanta, go here: Atlanta Georgia

Latest News
Our next meeting is on March 24th, 2010 which will be a panel on Static & Dynamic Analysis for Web Applications. Panel members include Cris Eng (Veracode), Jeremiah Grossman (WhiteHat Security), Greg Wolford (Fortify) and Matt Wood (HP Web Security). Please check the Chapter Meetings tab for more information.

Staying in Touch
New OWASP Atlanta Linkedin Group. For those addicted to LinkedIn, we have a group you can further feed your addiction. The OWASP Atlanta Chapter. http://www.linkedin.com/groups?home=&amp;gid=1811960&amp;trk=anet_ug_hm

Register for the OWASP Atlanta Mailing List by signing up here: http://lists.owasp.org/mailman/listinfo/owasp-atlanta

OWASP Atlanta Supporters
Thanks to the following list of official sponsors and supportive organizations for their financial contributions and resource support.


 * Georgia Tech Information Security Center: [[Image:GTISC logo2.jpg]]
 * Fortify: [[Image:Fortify.jpg]]

2009 OWASP Atlanta Member Survey
The Atlanta OWASP Member Survey has come and gone. Thanks to all those that responded. A subset of the results is shown below in the form of top ranking security topics that members wish to see in 2009. More detailed results will be provided and discussed briefly during our first meeting, April 2nd, 2009.

March 2010 Meeting
WHAT:: Static & Dynamic Analysis for Web Applications (Panel Discussion)

WHEN:: March 24, 2010 6-8pm

WHERE:: Room 1116-E, Klaus Advanced Computing Building, Georgia Tech :: Web :: Google Maps ::
 * Parking spots: Parking Map - Physics building (Area 4)
 * Campus Bus: Tech trolley runs between Midtown Marta and the venue

WHO:: Moderator: Tony UV (Chapter Lead). Panel members include Cris Eng (Veracode), Jeremiah Grossman (WhiteHat Security), Russell Spitler (Fortify), Greg Wolford (Fortify) and Matt Wood (HP Web Security)

ABSTRACT::  This meeting format will be in the form of a panel discussion that we hope all of you can not only attend but participate as well. Our chapter lead Tony UV be moderating the event and in preparation for doing so, we would like to get some good group think going around the topics to be discussed. Specifically, the focus of the topic is a comprehensive look at both static and dynamic analysis of web applications, which will encompass current trends, lessons learned from the trenches, myths and misconceptions, success stories, and more from our panel of experts.

In preparation for this meeting we ask that ALL members supply any questions that you would like the panel of experts to answer. We’ll provide responses of this Q&A online after the event.

BIOs::


 * Chris Eng, Senior Director of Research at Veracode, is responsible for integrating security expertise into Veracode’s technology and helping to define and prioritize the security feature set of Veracode’s service offerings. His professional experience includes stints at Symantec, @stake, and the US Department of Defense, where he specialized in security assessments and offensive research.  Chris has presented at security conferences such as the Black Hat Briefings and OWASP AppSec and has been quoted as a subject matter expert in various industry publications.  Chris, along with experts from more than 30 US and international cyber security organizations, helped develop the CWE/SANS Top 25 Most Dangerous Programming Errors.


 * Jeremiah Grossman founder and chief technology officer of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Mr. Grossman is also a featured expert and frequent contributor on TechTarget's SearchAppSecurity.com. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!


 * Russell Spitler started his career in software security at Colby College. For his honors thesis he developed a static analysis engine embedded in the eclipse IDE.  Shortly after his graduation he started at Fortify Software.  At Fortify he initially continued his work with Integrated Development Environments, developing security specific plug-ins for Eclipse and Visual Studio.  In addition, he developed an IDE specifically crafted for the security professional: Fortify's Audit Workbench.  Russell then acted as lead designer and architect of Fortify's central software security management platform: 360 Server.  His experience developing security solutions for all aspects of security programs uniquely positioned him to design and implement the SSA Governance module, an element critical to the successful large scale management of Secure Development programs.  Recently Russell has been acting as the Product Manager of the Fortify 360 Suite.  During his tenure he has acted as advisor to more than 500 successful deployments of the software and is often a key reference in the design of software security initiatives.  In his free time he enjoys skiing, riding motorcycles and drinking whiskey.


 * Greg Wolford is a seasoned expert in Agile methodologies, .NET, Java, EAI, SOA, and other SDLC methodologies and is currently a Software Security Consultant at Fortify software.


 * Matt Wood is the lead security researcher in HP’s Web Security Research Group. Matt has led the development of both HP Scrawlr and HP SWFScan, which are free security tools designed to help organizations find SQL injection and Adobe Flash security vulnerabilities, respectively. Beyond making sweet free tools, he has also given numerous presentations at major security conferences including BlackHat and RSA. Matt currently is focusing his research on client-side static analysis and using AI to help security practitioners audit complex Ajax/RIA applications.

RSVP:: http://tr.im/owasp_meeting

COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.

Past Meetings
Feb 2010 - Embedded Malicious JavaScript

Feb 2010 - DNS Security

Jan 2010 - Owasp Top 10

Oct 2009 - Security Religions & Risk Windows (Jeremiah Grossman)

Sept 2009 - Securing WebServices

Aug 2009 - ISSA Event

June 2009 - OWASP LIVE CD Workshop

Apr 2009 - Filter Evasion Techniques (Workshop)

Apr 2009 - Chapter Rebirth meeting

Atlanta ISACA OWASP Meeting 03.27.09

Atlanta Leadership Meeting 03.05.09

Atlanta Leadership Meeting 02.26.09

Atlanta OWASP May 2007 Meeting

Atlanta OWASP December 06 Social

Atlanta OWASP April Meeting

Chapter Meeting March 29th 2006

October 26th Meeting

April 27th, Chapter meeting a SUCCESS!

March 30th, 2005

February Meeting

June 2005

Atlanta Georgia OWASP Chapter Leaders

 * Tony UcedaVelez - Chapter Lead
 * Charles Burke - Meeting Chairperson
 * Shauvik Roy Choudhary - Marketing Chairperson