Los Angeles/2013 Meetings

April 24 2013, Symantec Offices, Culver City

Tales from the Crypt(o): Lessons About Secrecy from Julius Caesar to Moxie Merlinspike

 Speaker#1: Tin Zaw

Tin Zaw is the former president of OWASP Los Angeles Chapter.

 Speaker#2: Albert Tu

Honeypots along side IT security operations

Honeypots commonly take a strategic backseat to IT security operations. This has not stopped community based security professionals and enthusiasts to harness the advantages of the honeypot to form world wide networks capturing and sourcing malicious behavior. Communities that have become vendors found opportunity in higher quality IP lists as well providing deep expertise to provide solutions to anti-fraud behavior. The combination is always worth consideration if you are a customer.

 Speaker#2: Albert Tu

Albert Tu is an information security professional at Farmers Insurance Exchange. His background is in vulnerability and risk management with a good amount of programming. He has a passion for solving problems of all sorts.

March 20 2013, Joint meeting with ISSA, Monterey Park

Securing Mobile Apps for the Enterprise 

Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.

 Speaker: Garret Grajek

Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.

February 20 2013, Symantec Offices, Culver City

Secure Password Storage Practices

(or Why "Hashing + Salting != Secure Passwords")

Many web applications require passwords that are hard for users to remember, cumbersome to type, yet easy for hackers to crack. With affordable, lightning-fast hardware aiding hackers, we have recently seen a number of large organizations in the news for user-password security failures. Join us as we discuss common attacks on password lists/tables as well as some password storage practices that can make any cracking attempts not worth the attackers’ time.

 Speaker: iMan Louis

iMan is a Senior Consultant with Cigital Inc., where he conducts security code reviews, ethical hacking, and web application security assessments for some of the largest global corporations. He has also developed courseware for Cigital's Defensive Programming course series and delivered instructor-led training for many years. He brings 12 years of experience in software development and application security. iMan has recently moved from San Francisco to the Greater L.A. area and is looking forward to being an active member of our L.A. OWASP chapter.

January 23 2013, Symantec Offices, Culver City

Top Ten Web Defenses

We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Website developers must learn to code in a secure fashion to have any chance of providing organizations with proper defenses in the current threat-scape. The session will provide specific tips and guidelines to make website code both low risk and less vulnerable.

 Speaker: Jim Manico

Jim is the VP of Security Architecture for WhiteHat Security. Jim is also the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.