Houston

=Upcoming Events=

Tuesday July, 2017 at 6:30PM
Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

OWASP DefectDojo Project https://www.owasp.org/index.php/OWASP_DefectDojo_Project

Abstract:

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.

Speaker:

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg

Location:

NetIQ Corp

515 Post Oak Blvd, Houston, TX 77027

Please checkin with security downstairs and one of the meeting sponsors will escort you to the meeting room upstairs. Parking is free in their parking garage.

RSVP:

https://www.meetup.com/OWASP-Houston/events/241370392/

The building facilities requires a list with your full name for security measures the Friday before any events, so we need to turn in the list of attendees on Friday July 14.

If you don't feel comfortable posting your full name on Meetup, please email Joseph Konieczka directly. joseph.konieczka@owasp.org

=Past Events= OWASP Houston May Chapter Meeting

Tuesday May 23, 2017 at 6:00PM
Discussion about OWASP Projects and events

OWASP Houston Chapter assisted San Jacinto College Advisory Boards

March 30 and 31, 2017

We had some members of the chapter provide extremely valuable feedback to enhance the college's programs. Thank you to everyone that helped with this effort. We will have more opportunities to be involved with the college.

Wednesday February 22, 2017 at 6:00PM
Title: Effective Application Security Testing at High Velocity: Keeping up with Agile and DevOps Speaker: James "Jimmy" Rabon James Rabon shared lessons learned by working with some of the most advanced and innovative application security customers / programs. Learn how static and dynamic analysis of applications can be made efficient and effective in some of the most dynamic development organizations. See how app sec leaders integrate application security throughout their software development lifecycle and include it in the DevOps tool chain of automation to move security testing at high velocity. Automation is your friend and we will examine where modern security tools are being included in the “treat infrastructure as code” mantra. We’ll also take a look beyond security tools and automation to the people and processes that effective application security programs use to run at high speed. A brief demo will follow for those interested.

Speaker Bio:

Jimmy Rabon began his career as a software developer for the Computer Sciences Corp before deciding to specialize in application security over seven years ago with Fortify. He began his career in application security by serving as an on-site subject matter expert for software security and has performed countless security audits of applications (both static and dynamic testing reviews) for several large commercial and government entities. He has enabled organizations that utilized his or his team’s services, to find and fix exploitable vulnerabilities in critical systems.

Having worked as a software engineer for many years prior to specializing in application security, he understands the unique challenges that developers face when attempting to deliver secure code and can help deliver effective technology and processes to enable information assurance and development teams to work together to make software as secure as possible.

He leads a team of highly skilled application security consultants as the head of HPE Fortify professional services responsible for designing effective software assurance solutions in the Americas.

He is currently a Senior Product Manager with Fortify with a passion for building security products that solve real world problems in the most effective and efficient way possible.

Monday October 17, 2016 at 6:30PM
Title: Murder Mystery – Who is Killing your Information Security Program

Speaker: Gordon MacKay

Presentation Abstract:

Integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in the form of a murder mystery game, and ultimately reveals the culprit as well as strategies to overcome it. Come participate, play, and interact! Try to guess “who-dunnit,” and learn how to avoid future similar InfoSec crimes.

Speaker Bio

Gordon MacKay, CISSP and Software/Systems Guru with a dash of security hacking,serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology. MacKay has presented at numerous security related conferences, including Bsides Austin 2016, BSides San Antonio 2016, BSides Dallas 2015, RSA 2013, ISC2 San Antonio, ISSA Houston, ISACA San Antonio, and has been featured by top media outlets such as CIO Review, FOX Business, Fox News, Softpedia, IT World Canada and others. He holds a Bachelor's in Computer Engineering from McGill University. He is a Distinguished Ponemon Institute Fellow.

Monday September 19, 2016 at 6:30PM
Title: Web App Testing Stats Compared to The OWASP Top 10

Description: For over seven years, Cigital has performed high volumes of application security assessments through the Cigital Assessment Center (CAC). Over that time the CAC has accumulated a large amount of data that provides helpful insights into software security practices. We’ll present the most common web application security vulnerabilities identified over one year by the CAC, contrasting our findings with one of the industry’s leading benchmarks, the OWASP Top 10.

Bio: Joel Scambray is a Principal at Cigital, a leading software security consulting firm established in 1992. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, business leader, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Amazon, Costco, Softcard, and Ernst & Young.

Monday August 22, 2016 at 6:30PM
August speaker and topic - Roger Huebner, Corporate Architect/Distinguished Engineer at NetIQ, will be speaking on Docker and containers. Since so many developers are adopting this approach to deployment and operations teams are also embracing this growing trend, it is important to learn about it so that we can help secure these application containers as well. We had some lively discussion on this topic, so it was definitely well received.

Monday July 18, 2016 at 6:30PM
Michael F. Angelo, CRISC, CISSP | Chief Security Architect at Micro Focus | NetIQ Corporation went over Threat Modeling basics and philosophy as well of some of the tools that he uses. We had a solid turnout and a great deal of audience participation and discussion.

Monday June 20, 2016 at 6:30PM
We met at the NetIQ offices from 6:30-8:30PM on Monday June 20, 2016 to restart the chapter and had a great turnout.

Meeting Agenda:

1. Introductions of all attendees to gain a solid understanding of backgrounds, interests, and what people would like to learn about.

2. Upcoming security related conferences - LASCON in Austin, Cyber Texas in San Antonio

3. Major OWASP Projects that have been updated recently or currently being worked on: OWASP Top 10 - 2016 Data Call discussion question review. Proactive Controls, ASVS 3, Developer Guide reboot, OpenSAMM, WAFEC updates, OWASP Testing Guide, WebGoat 7

4. Discussion about possible study groups that we want to start having. For example, CISSP or CSSLP certification preparation, Hacking-Live CD interactive sessions. OWASP ZAP workshop (leveraging bodgeit, WebGoat, and Security Shepherd), other books or projects people would like to pursue.

5. Topics that people would like to see discussed at the next meeting and how often they would like to meet. Ideally, we could meet once a month for the normal meeting and then at least twice a month for study groups. This has been very successful for the Austin chapter.

=Sponsors= Alert Logic - Brings Network Security & Cloud Security Services to You Barracuda Networks Hewlett Packard Enterprise - Enabling organizations to take a proactive approach to today’s most advanced threats through application and data security solutions and security analytics. Imperva - Business Security Solutions - Complete Data Security Netflix - Watch TV Shows Online, Watch Movies Online Secure Ideas - Professionally Evil Solid Border - Network Security Reseller Stach & Liu

=RSVP=

RSVP
=Sponsorship Opportunities=

Sponsorship Opportunities
We're always looking for sponsors to help us provide the highest quality experience for our attendees. For sponsoring OWASP Houston we will list your name on our site, mention your sponsorship in all announcements on the mailing list, send us a banner and we'll hang it at the event, and send you some pictures. If you'd like to send someone to attend the event we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event consider sponsoring a few.

Opportunity #0 - Workshops
We are currently mapping out workshops for 2017. These will be meetings dedicated to hands on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or mini-ctf. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 dollar commitment.

Opportunity #1 - Happy Hour Meeting
These will be social meetings where attendees build a local security community. We estimating the need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else.

Opportunity #2 - Formal Presentation Meeting
We normally have one or two speakers at each formal presentation meeting. Sometimes the presenter is from out of state, so we try to defer some of their travel expenses. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses.

Opportunity #3 - OWASP Presenter Sponsorship
Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers traveling expenses may vary but with a $1,200 donation we think we can handle the rest.

=Call for Papers=

Call for Papers
We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org and Joseph dot Konieczka at owasp dot org.

=Local News=