Houston

Local News
The Houston Chapter will focus around Web Application Security issues with discussions on application layer vulnerabilties, penetration testing, and secure coding practices within the numerous development languages. Our chapter will meet on the second (2nd) Wednesday of each month and participation in OWASP Houston is free and open to all. Please subscribe to the mailing list for meeting announcements. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the Houston Chapter, send an email to [mailto:david.nester_at_owasp.org David Nester].

Houston

September 9, 2009 :: Conducting Application Assessment

 * Presentation: This talk will review a number of application assessment techniques and discuss the types of security vulnerabilities they are best suited to identify as well as how the different approaches can be used in combination to produce more thorough and insightful results. Code review will be compared to penetration testing and the capabilities of automated tools will be compared to manual techniques. In addition, the role of threat modeling and architecture analysis will be examined. The goal is to illuminate assessment techniques that go beyond commodity point-and-click approaches to web application or code scanning.  About Our Presenter:  Shohn heads up the IT security services offerings of PivotPoint Solutions including consulting, auditing, and penetration testing / security assessment of most modern technologies including Web based applications.  His current experiences and security and audit background provide a more balanced view from both audit and an implementation standpoint.  Shohn is the Information Systems Director for PivotPoint Solutions. He is responsible for overseeing all aspects of IT infrastructure operations, administration, security, budgeting, and overall governance. He currently manages more than 40 Terabytes of storage, 50 independent systems, multiple networks, and employees. Management of and direct involvement in projects over the design, testing, and implementation of various technologies and associated policies and procedures.  Prior to PivotPoint Solutions, Shohn was a Manager in KPMG's Southwest Risk Advisory Services practice.  His primary area of expertise was in security assessments over technical infrastructure. He also has experience with other IT audits including SAS70s, application reviews, business process reviews, computer operations, general controls reviews, and system development  Date: September 9, 2009 Time: 6:00-7:30 Welcome, Announcements and Presentation  Location: The new OWASP meeting physical address is: Houston Community College (HCC) 1010 West Sam Houston Parkway North Spring Branch Campus Commons Houston, TX 77043  PLEASE download a parking permit for the event.

Past Presentations

 * August 12, 2009 : "SharePoint Auditing and Penetration Testing Download Presentation by:  Shohn Trojacek'


 * July 8, 2009 : "Embedded System Security Download Presentation by:  Sam Denard'


 * June 10, 2009 : "Web Application Security and PHP. Download Presentation by:  Eric Cherian


 * May 13, 2009 (A): "Securing connection strings in the Web.Config and App.Config files for .NET Download Presentation by:  Mark Feferman, CISSP


 * May 13, 2009 (B): "Stealing the Airlines Online Data Download Presentation by: Quincy Jackson, CISSP


 * April 8, 2009: "2009 Statistics Report and ClickJacking Download''' Presentation by David Nester, Director, Solutions Architecture, Whitehat Security.


 * August 19, 2008: "Dirty Dozen" - Truth and facts about PCI DSS Download''' Presentation by Genady Vishnevetsky, CISSP Director, IT Operations and Security. Paymetric, Inc


 * June 11, 2008: The OWASP Top 10 Download''' Presentation by J Sawyer, Developer Evangelist of Microsoft


 * November 7, 2007: Black Box versus White Box: Different App Testing Strategies Download''' Presentation by John Dickson of the Denim Group.


 * October 10, 2007 :: Top 10 Website Attack Techniques Download''' Presentation by Jeremiah Grossman, CTO, Whitehat Security


 * September 12, 2007: Fortify Software


 * '''August 8, 2007: Atrysk Security Presentation Download


 * June 5, 2007 :: Web 2.0 Download''' Presentation by Dan Cornell of the Denim Group.

Houston OWASP Chapter Leaders
Our chapter leaders are Mark Feferman, Linda Fox, Paul Dial and David Nester.