Atlanta OWASP May 2007 Meeting

'''Topic: PCI Compliance'''

'''When: Monday June 18th 6:30pm - 8:30pm'''

Meeting Location: SPI Dynamics Headquarters, 115 Perimeter Center Place NE, South Terraces, Atlanta, GA 30346. The room, called “Classroom”, is on the 1st floor of the South Terraces building.

See below for more on directions.

This meeting is open to the public and admission is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

Please RSVP for this event. Send email to: owasp-atlanta@lists.sourceforge.net

Also, register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/

Topic: Payment Card Industry Data Security Standard

Presentations:

'''PCI Requirements - Conrad Clark, CISSP'''

Conrad Clark is a Security Engineer for S.P.I. Dynamics, Inc. (www.spidynamics.com), the leading provider of web application security testing software and services. Conrad is a Certified Information System Security Professional (CISSP #73743), and has over 15 years of information system engineering and management experience in addition to three years of technology consulting service with Deloitte Consulting. Prior to joining SPI Dynamics, Conrad worked as a Senior Network Security Engineer supporting a web-based payment portal system for Verifone Inc. Prior to that he was the Manager of the Security Operations Center for Interland Inc. Conrad is an expert in building, deploying, and maintaining secured web-based financial transaction systems. In addition, he has expertise in scoping, designing, planning and implementing enterprise-level systems and applications, and standard operating, business continuity, and disaster recovery plans.

'''PCI Requirement 10: Logging and Monitoring - Charles Burke, CISSP'''

Charles is the Atlanta OWASP Chair and a Security Consultant with InfoSec Integrators, a provider of security technology integration services.

Location and Directions: SPI Dynamics Headquarters, 115 Perimeter Center Place NE, South Terraces, Atlanta, GA 30346. The room, called “Classroom”, is on the 1st floor of the South Terraces building.

There is a parking garage associated with the building, and parking is free. However, the gates close at 7pm except for the one on the 3rd level, so that is the one to use for exiting the garage after the meeting.

Here is a MapQuest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address

Atlanta OWASP December 06 Social

Five Seasons Brewing

Atlanta OWASP April Meeting

Atlanta OWASP April Meeting Presents Secure Code Reviews

Wednesday April 26th 6:30pm - 8:30pm

Suntrust, 250 Piedmont Ave, Atlanta, GA 30338

Directions: Look for information on directions later. This meeting is open to the public and admission is free. Parking in the vicinity is $3 to $4.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

Please RSVP for this event. Send email to cburkeinga@hotmail.com and sign up for the mailing list above.

Keynote Speaker

Dean H. Saxe, CEH

Senior Consultant, Foundstone Professional Services, A Division of McAfee Strategic Security

Foundstone Role

Dean is a Senior Consultant at Foundstone. He is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Additionally, Dean provides client education services as a lead instructor of the Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion courses.

Experience

Dean has nine years of software development experience in a variety of industries, including banking, education and QC. Since 2001, he has focused on secure software development and web application security. Prior to working at Foundstone, Dean held the position of Manager of Web Application Security for a corporate cash-management ASP.

Dean co-founded and remains active in the Atlanta ColdFusion User Group (ACFUG) and is an active member of the Open Web Application Security Project (OWASP) Atlanta Chapter.

Chapter Meeting March 29th 2006

Atlanta OWASP March Meeting Presents: Computer Forensics Introduction and ASP.Net Security Topics

Wednesday March 29th 6:30pm - 8:30pm

Digital Insight Corporation Sales Headquarters, 5720 Peachtree Pkwy., Norcross, GA 30092

This meeting is open to the public and admission/parking is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

You must RSVP to attend this event. Send email to: owasp-atlanta@lists.sourceforge.net

Also, register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/

Keynote Speakers

David Bendon, CFCE, CISSP, EnCE

David is on the computer forensics team of a Fortune 25 company. Prior to joining the private sector David was the Chief Forensics Computer Specialist for the Georgia Bureau of Investigation (GBI), and a supervisor with their Internet Crimes Against Children Taskforce. While at the GBI, he worked on such high profile cases as the Hope Scholarship case, the Derwin Brown homicide case and the hacking cases of a major university. He has also testified as an expert witness in numerous jurisdictions throughout Georgia. David is the founder and primary admin of the largest vendor neutral computer forensics portal, http://www.forensicsexams.org. He is cofounder and VP of the Cybercrime Summit Group, a non-profit organization that runs the Cybercrime Summit (an international computer forensics/security conference held annually in Atlanta, GA). David is also certified as a CFCE, CISSP and EnCE.

Mohamoud Ibrahim, Senior Developer, The Home Depot

Mohamoud is a Senior Developer for The Home Depot with 12+ years of software development experience. He has experience developing enterprise applications & web services in many development environments and languages including Java and ASP.NET. Mohamoud will discuss developing secure web services in ASP.NET.

Charles Burke, SCJP, CISSP, Senior Consultant, InfoSec Integrators

Charles is the Atlanta OWASP Chair. He will discuss new security features in ASP.Net 2.0.

October 26th Meeting

Atlanta OWASP October Meeting Presents Web Application Assessments

Wednesday October 26th 7:00pm - 8:30pm

Vigilar, Inc. - Atlanta, Georgia, 900 Ashwood Parkway, Suite 290, Atlanta, GA 30338

Directions: http://www.vigilar.com/directions.html

This meeting is open to the public and admission/parking is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

Please RSVP for this event. Register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/

Keynote Speaker Eric Ahlm

Director of Emerging Technologies

Certifications

CISSP Certified Information Systems Security Professional

PMI Project Management Institute

SCSP Symantec Certified Security Professional

Experience

Eric Ahlm brings to the company ten years of experience in information technology, five of which were dedicated to information security. As Vigilar’s Director of Security Architecture, Ahlm’s primary role is to evaluate new security technologies and consult with clients who are looking to solve security challenges. He also runs Vigilar’s evaluation labs and works with hundreds of security products to find the best solutions for Vigilar’s clients’ security challenges.

Prior to Vigilar, Ahlm worked for various security consulting firms and was a Regional Manager for Symantec Worldwide, an information security firm that provides a broad range of software, appliances and services to help companies secure and manage their IT infrastructures. While at Symantec Worldwide, he was responsible for managing the company’s enterprise security line.

In addition, Ahlm has written numerous published whitepapers on security topics, participated as keynote speaker at various security conferences, and consulted with top companies in the United States. His areas of interest and study are hacking techniques, penetration testing, and working with security professionals to discover new exploits and proof of concept tools to help clients tighten their security.

Ahlm holds a B.S.E.E.T. (Bachelor of Science Electrical Engineering Technologist) from DeVry University.

April 27th, Chapter meeting a SUCCESS!

Atlanta OWASP April Meeting/Social was a success. Thanks to Chip and William for their presentations and also to Thoughtmill for sponsorship.

April 27th: Join Us for Pizza and Security Discussions

Security risk faced at each application Layer - William Vestal of Thoughtmill

SQL Security discussion - Chip Andrews of SQL Security

Wednesday April 27th 7:00pm - 8:00pm

PLEASE RSVP to owasp-atlanta@lists.sourceforge.net

Meeting host: Thoughtmill, 3155 Royal Dr., Alpharetta, GA 30022

From 285/400: go 11.2 miles North / Exit Right onto HAYNES BRIDGE RD - go 0.6 miles / Left on NORTH POINT PKWY - go 1.5 miles / Right on ROYAL DR - go 0.6 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick bldg on the right)

From 400 north of Old Milton: GA-400 SOUTH / Take exit #10 OLD MILTON PKWY / Left on OLD MILTON PKY - go 0.7 miles / Right on NORTH POINT PKY - go 0.7 miles / Left on ROYAL DR - go < 0.1 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick bldg on the right)

March 30th, 2005 - Next Meeting

Atlanta OWASP March Meeting Presents Advanced Live Hacking: Methodologies and Demonstrations of Web Application Hacks

Wednesday March 30th 7:00pm - 8:00pm

Home Depot Store Support Center, 2455 Paces Ferry Road, Atlanta GA

This meeting is open to the public and admission/parking is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

You must RSVP to attend this event. Register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/

Keynote Speaker

Caleb Sima, Co-founder, Chief Technology Officer, Director of SPI Labs, S.P.I. Dynamics Incorporated

Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in web application security assessment and testing. Caleb is responsible for directing the lifecycle of the company’s web application security solutions and is the director of SPI Labs, the renowned application security research and development group within SPI Dynamics. Here, he leads a team of accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and exploits.

Caleb has been engaged in the Internet security arena since 1996, a time when the concept of Internet security was just emerging. Since then, he has become widely recognized within the industry as an expert in penetration (pen) testing (testing a company’s network security for critical flaws), and for identifying emerging security threats. In early 2000 Caleb co-founded SPI Dynamics and helped define the direction the industry has taken. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security Systems, Inc. (ISS), an industry pioneer and global leader in Internet security. Caleb was a member of ISS’ elite X-Force research and development team, led the creation of the first pen testing team and drove enterprise security assessments for the company. Caleb began his security career as a security engineer for S1 Corporation. In this role, he was responsible for testing the security of software products for the banking and finance industries. Additionally, he was in charge of security for S1’s Datacenter, which managed the data transfer and security of some of the world’s leading financial institutions.

Caleb’s engineering exploits have gained media attention in publications such as the New York Times and the Washington Post. He has also contributed to Baseline Magazine and was featured, along with the ISS X-Force, in US News and World Report and Security World Magazine. A frequent speaker at industry events and tradeshows, Caleb’s most recent appearances include RSA 2004, the 2003 SouthEast CyberCrime Summit, Comdex 2003, Information Systems Security Association (ISSA), and the 2002 Cyber Security in the Financial Services Sector Executive Summit. Caleb is also a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS.

The SSC is located at: 2455 Paces Ferry Road, Atlanta, GA 30339. Going West on 285, Paces Ferry is about 2-4 miles west of 75.

February Meeting

Our February Meeting was the first official Atlanta OWASP event. It was a huge success! Click the links below to see the slides for each presentation:

Web Services Security Intro - Charles Burke

June Meeting - 6/29 @ 7PM

Atlanta OWASP June Meeting

Advanced SQL Injection: Exploiting SQL injection on MySQL, generic UNION exploit and using SQL Injection to gain complete access to a server.

Wednesday June 29th 7:00pm - 8:00pm

SPI Dynamics Headquarters, 115 Perimeter Center Place, N.E., Suite 1100, Atlanta, GA 30346

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

This meeting is open to the public and admission/parking is free.

Directions: http://www.spidynamics.com/aboutspi/contact/directions.html

You must RSVP to attend this event.

Register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/

Keynote Speaker: Shiroy Choksey, Intern, SPI Labs, S.P.I. Dynamics Incorporated

Shiroy Choksey is an intern for SPI Dynamics, the expert in Web application security assessment and testing. His internship with the company is currently with SPI Labs, the renowned application security research and development group within SPI Dynamics. Here he assists in the research of a team of accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and exploits.

Prior to joining the SPI Labs team as an intern, Shiroy completed his Bachelor of Engineering in Information Technology with highest honors, from Pune University, India. He is pursuing a Masters in Information Security from the Georgia Institute of Technology’s Information Security Center (GTISC). At GTISC, he extensively researches SQL Injection techniques and built his own SQL Injection tool with support for generic database exploitation and IDS evasion.

Shiroy is a recipient of several prestigious awards including the American Alumni Student Award, a distinguished award presented to ten Indian students, the J. N. Tata Scholar Award for exemplary academic achievement awarded to selected Indian students, and the Nirenski Study Award that is awarded for consistent outstanding academic performance in school. In addition, Shiroy is a talented musician, playing the piano and the guitar, and has received numerous awards for best speaker at debate competitions throughout his academic career.