New Jersey

Event Sponsor: UBS
Event Co-Sponsors: AirTight Networks - Xceedium - White Hat Security - AccessIT - eEye Digital Security

Address: 499 Washington Ave, Jersey City, NJ 07310 - RSVP IS REQUESTED

6:00pm - 7:00pm Speaker: Marc Maiffret, Founder/CTO & Chief Hacking Officer, eEye Digital Security

As eEye Digital Security’s Co-Founder/CTO and Chief Hacking Officer, Marc Maiffret has been a driving force in the vision and continuous innovation for eEye’s product development and vulnerability research efforts since the company’s inception in 1998. Long regarded as a security expert and thought leader in vulnerability assessment and endpoint security, Marc Maiffret also leads the efforts of eEye’s world-renowned Research Team. In addition, Mr. Maiffret speaks regularly on the state of security across the globe, including several appearances before Congress, where he has testified on information policies and security threats posed to both public and private infrastructures. Mr. Maiffret’s role in vulnerability research, education and product innovation has been reflected in the numerous awards and distinctions that eEye Digital Security continuously receives.

Abstract: “It’s More Than a Microsoft World.” While Microsoft has long been the primary target for criminals looking to exploit system vulnerabilities, other applications such as Systems Management, QuickTime, iTunes and even security applications from companies like Symantec and McAfee are now being used as a means of entry into the network. eEye's research team has identified these exploits as part of a growing trend of attacks that target consumer-oriented applications rather than the operating system itself, and that bypass network-level security technologies traditionally used by organizations, including IDS gateways or gateway-based anti-virus systems. Now, applications like QuickTime or iTunes can represent a threat to the network's integrity. The reason is simple: since Microsoft has been the dominant OS with the largest installed base, hackers naturally targeted it. However, as Microsoft has steadily improved its approach to security, criminals are looking to other "low hanging fruit." And they've had 5 whole years to practice against Microsoft, which means many applications are more vulnerable than ever. As an additional bonus, Maiffret will demonstrate that although Microsoft has progressed in security, it is not perfect. To help illustrate this fact, Maiffret will give a live demonstration of hacking a Windows Vista system with Office 2007.

--

7:00pm - 8:00pm Speaker: Tom Brennan, NY/NJ OWASP Metro President

Tom Brennan specializes in providing business risk assessments and penetration testing of critical IT infrastructures - when not breaking things at work... he contributes to OWASP Projects ;)

Abstract: “OWASP Version 2 Testing Guide” This talk will discuss the co-authored release of the new OWASP Testing Guide. The goal was to create a "best practices" penetration testing framework that users can implement in their own organizations, including a penetration testing guide that describes how to find certain issues. In addition, Tom will also discuss the NY/NJ OWASP chapter goals for 2007 and other projects underway.

--

8:00pm - 9:00pm Speaker: Jeremiah Grossman, Founder/CTO - White Hat

Mr. Grossman founded WhiteHat Security in 2001. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of web applications. At one of the world's busiest web properties, with over 17,000 web servers for customer access and 600 web applications, the highest level of security was required. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.

Abstract: “HACKING INTRANET WEBSITES FROM THE OUTSIDE” This hour-long presentation will feature Jeremiah Grossman, WhiteHat Security Founder and CTO. Mr. Grossman will demonstrate:

 * How a user is first infected or attacked using a malicious Web page or Cross-Site Scripting vulnerability
 * How a Web browser can be completely controlled or monitored remotely
 * How a Web browser can be used as a stepping stone to perform network reconnaissance on internal networks
 * How to exploit internal machines using a compromised Web browser

--

Meetings are FREE and open to the PUBLIC - RSVP IS REQUESTED, as space is limited and an RSVP is required by building security!

GOOGLE MAP DIRECTIONS

Mass transit: The Pavonia Ave PATH stop is across the street and the Pavonia / Newport Mall Light Rail is behind the building.

Driving Directions to Newport

From Holland Tunnel - At the first light out of the Tunnel, make a right (by the Gas Station). At the next light, make a right onto 18th Street. 18th Street will turn into Washington Boulevard. At the fourth light, make a right onto 6th Street. Take the next right onto Mall Drive East. Open parking lot is straight ahead.

From Lincoln Tunnel - Upon exiting the Tunnel, immediately get into the far right lane. Follow the Hoboken exit sign and ramp. At the first light, the street becomes Willow Avenue. Continue straight through the light. Proceed on Willow Avenue for approximately 1.5 miles. Continue to the end. Turn right onto Observer Highway. At the first light, Henderson Avenue, turn left. Stay on Henderson Avenue, under rail tracks, at first light, 18th Street, turn left. Continue on 18th Street which turns into Washington Boulevard.

From New Jersey Turnpike - Take the NJ Turnpike to exit 14C, the Holland Tunnel. After the toll, continue toward the Holland Tunnel. At the bottom of the ramp, turn right onto Jersey Avenue. Then immediately bear left up Newport Centre Mall ramp. Follow signs to the Parking Garage.

From Garden State Parkway North - Exit at Route 22 Eastbound Exit 140. Stay on Route 22 East until Route 1&9 North onto the Pulaski Skyway. At the bottom of the ramp coming off the Skyway going to the Holland Tunnel, turn right. Immediately bear left up the ramp to Newport Centre Mall.

From Garden State Parkway South - Exit the Parkway at Exit 145 onto Route 280 East. Stay on Route 280 until it ends. Then take Route 508 towards Jersey City. Route 508 joins Route 7, then after crossing bridges at the first traffic circle follow Route 1&9 North to Holland Tunnel. At the bottom of the ramp, turn right onto Jersey Avenue. Then bear to your left up the ramp to Newport Centre.

From Route 3 (Eastbound) - Follow Route 3 towards Lincoln Tunnel/NYC. Stay in the far right lane. Exit at the Weehawken/Hoboken Exit ramp. Go through the first traffic light and bear slightly right to proceed down the hill. At the bottom of the hill bear right again, proceeding on the Boulevard. Follow to the end and make a right onto 14th Street. Then make the first left onto Willow Ave. Proceed on Willow Avenue for approximately 1.5 miles. Continue to the end. Turn right onto Observer Highway. At the first light, Henderson Avenue, turn left. Stay on Henderson Avenue, under rail tracks, at first light, 18th Street, turn left. Continue on 18th Street which turns into Washington Boulevard. Stay in right lane and continue on into Newport Centre Mall Parking Garage.

From George Washington Bridge - Follow the sign off the bridge for NJ Turnpike South. Take NJ Turnpike to Route 78 East, Exit 14-14C. Exit main Turnpike onto Route 78 East for 14C-Holland Tunnel. After the toll at 14C continue towards the Holland Tunnel. At the bottom of the ramp going to the Holland Tunnel Plaza, at first light, make right onto Jersey Avenue. Then immediately bear left up the ramp to Newport Centre Mall.

= NY/NJ OWASP Chapter Leaders =  
 * President: [mailto:jinxpuppy(at)gmail.com Tom Brennan]
 * Vice President: [mailto:peter.perfetti(at)abnamro.com Pete Perfetti]
 * Treasurer: [mailto:BrianPei(at)yahoo.com Brian Peister]
 * Membership Chair: [mailto:santoniewicz(at)net2s.com Steve Antoniewicz]
 * PR Chair: [mailto:pster100(at)gmail.com Peter Stern]
 * Communications: [mailto:KReiter(at)insidefsi.net Kevin Reiter]
 * Project Chair: [mailto:Tom.ryan(at)providesecurity.com Tom Ryan]
 * Board Member/Projects: [mailto:oe2(at)njit.edu Osama Eljabiri]
 * Board Member/Programs: [mailto:mdontamsetti(at)gmail.com Mahi Dontamsetti]
 * Board Member: [mailto:stanguzik(at)yahoo.com Stan Guzik]

To submit an educational topic for a future meeting, please provide a short abstract/paragraph of the talk or a PowerPoint using the OWASP Template and include a speaker bio. Or call 973-202-0122 if you wish to host a meeting or become a chapter meeting host or co-sponsor.

The chapter mailing address is:

NY/NJ Metro OWASP, 759 Bloomfield Ave #172, West Caldwell, New Jersey 07006