Austin

Local News
If a link is available, click for more details on directions, speakers, etc. You can also review the Email Archives to see what folks have been talking about.

Next Meeting
When: February 26th, 2008, 11:30am - 1:00pm

Who: Michael Howard, Author of Writing Secure Code

MICHAEL HOWARD, PRINCIPAL SECURITY PROGRAM MANAGER, MICROSOFT’S SECURITY ENGINEERING TEAM

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Group’s Security Engineering team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Howard is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software.

Howard began his career with Microsoft in 1992 at the company’s New Zealand office, working for the first two years with Windows and compilers on the Product Support Services team, and then with Microsoft Consulting Services, where he provided security infrastructure support to customers and assisted in the design of custom solutions and development of software. In 1997, Howard moved to the United States to work for the Windows division on Internet Information Services, Microsoft’s next-generation web server, before moving to his current role in 2000. Howard is a Certified Information Systems Security Professional (CISSP) and a frequent speaker at security-related conferences. He regularly publishes articles on security design and is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle and his most recent release, Writing Secure Code for Windows Vista.

Topic: Microsoft's SDL: A Deep Dive

In this presentation, Michael will explain some of the inner workings of the SDL as well as some of the decision-making process that went into some of the SDL requirements. He will also explain where SDL can be improved.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

Cost: Always Free

Questions or help with Directions... call: James Wickett at (512) 964 6227 or Scott Foster 512-637-9824.

Future Speakers and Events
March 25th, 2008 - Dan Cornell, Denim Group @ WHOLE FOODS, Downtown

TRISC 2008 (San Antonio) April 20-23 ** Non-OWASP event, but worth checking out **

April 29th, 2008 - Mano Paul, CEO of SecuRisk Solutions @ National Instruments

May 27th, 2008 - Nathan Sportsman and Praveen Kalamegham, Web Services Security @ Whole Foods Downtown

As a Consultant and Partner at Praetorian Solutions, Praveen is focused on software security architecture and development as well as conducting security code reviews and threat models. In addition, Praveen is regularly involved in assessment services and performs network and web application penetration testing.

As a Consultant and Partner at Praetorian Solutions, Nathan is responsible for conducting network and web application assessments as well as host and network reviews. In addition, Nathan also has a background in software development and often performs security code reviews and threat models.

June 24th, 2008 - OPEN

Record Hall of Meetings
January 29th, 2008 - Mark Palmer, Hoovers and Geoff Mueller, NI @ WHOLE FOODS, Downtown

Where: Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. To get to the plaza take the stairs from the main entrance. The stairs are located on the West Side of the building, just north of the main entrance. There is no access to the Plaza level from inside the store.

See directions to Whole Foods.

When: December 4th, 2007, 11:30am - 1:00pm

Who: Jeremiah Grossman (WhiteHat Security, CTO, OWASP Founder, Security Blogger)

Topic: Business Logic Flaws

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem with business logic flaws is that scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend against them. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

This presentation will provide real-world demonstrations of how pernicious and dangerous business logic flaws are to the security of a website. He’ll also show how best to spot them and provide organizations with a simple and rational game plan to prevent them.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

November 27th, 2007 Austin OWASP chapter meeting - Robert Hansen (SecTheory.com, ha.ckers.org; regarded as an expert in Web Application Security)

Robert will be talking about different ways to de-anonymize and track users both from an offensive and defensive standpoint. He will discuss how the giants of the industry do it and next generation tactics alike.

Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. See directions to Whole Foods.

October 2007 Austin OWASP chapter meeting - October 30th, 11:30am - 1:00pm at National Instruments. "Social networking" by Rich Vázquez and Tom Brown - Social networking is exploding with ways to create your own social networks. As communities move more and more online and new types of communities start to form, what are some of the security concerns that we have and might face in the future?

September 2007 Austin OWASP chapter meeting - Tue, September 25, 2007, 11:30am - 1:00pm at Whole Foods, 550 Bowie Street, Austin. "Biting the hand that feeds you" - A presentation on hosting malicious content under well-known domains to gain a victim's confidence. "Virtual World, Real Hacking" - A presentation on "Virtual Economies" and game hacking. "Covert Debugging - Circumventing Software Armoring techniques" - A presentation on advanced techniques for automating and analyzing malicious code.

August 2007 Austin OWASP chapter meeting - 8/28, 11:30am - 1:00pm at National Instruments. Josh Sokol presented on OWASP Testing Framework and how to use it, along with free and Open Source tools, in a live and interactive demonstration of web site penetration testing.

July 2007 Austin OWASP chapter meeting - 7/31, 11:30am - 1:00pm at Whole Foods. Dan Cornell will be presenting on Cross Site Request Forgery.

June 2007 Austin OWASP chapter meeting - 6/26, 11:30am - 1:00pm at National Instruments. James Wickett presented on the OWASP Top 10 and using Web Application Scanners to detect vulnerabilities.

May 2007 Austin OWASP chapter meeting - 5/29, "Bullet Proof UI - A programmer's guide to the complete idiot". Robert will be talking about ways to secure a web-app from aggressive attackers and the unwashed masses alike.

April 2007 Austin OWASP chapter meeting - 4/24, 11:30am - 1:00pm at National Instruments. H.D. Moore (creator of Metasploit) will be presenting.

March 2007 Austin OWASP chapter meeting - 3/27, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

January 2007 Austin Chapter Meeting - 1/30, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S15.

December Meeting - Due to the holidays, there will be no December OWASP meeting. However, we are looking for speakers for the January meeting. If you or anyone you know would be a good candidate, let us know! Happy Holidays!

November 2006 Austin Chapter Meeting - 11/21, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S14.

October 2006 Austin Chapter Meeting - 10/31 - Boo!

September 2006 Austin Chapter Meeting - 9/26, 12-1:00 at the Texas ACCESS Alliance building, located at the intersection of IH-35 South and Ben White.

August 2006 Austin Chapter Meeting - Tuesday- 8/29, 11:30-1:30 on the National Instruments campus, Mopac B (the middle building), conference room 112 (in the Human Resources area to the left of the receptionist). See directions to National Instruments. Hint: It is on your left on Mopac if you were heading up to Fry's from Austin.

Austin OWASP chapter kickoff meeting - Thursday, 7/27, 12-2pm @ Whole Foods Market (downtown, plaza level, sign in with receptionist)

Presentation Archives
The following presentations have been given at local chapter meetings:

 * OWASP Testing Framework Austin OWASP Chapter August 2007 Josh Sokol Presentation
 * Single Sign On (7/27)
 * A Rough Start of a Toolset for Assessing Java/J2EE Web Apps (7/27) - Matt Franz discussed some custom Python tools he has been writing for conducting security testing of Struts (and other Java) web applications.
 * AJAX Security: Here we go again - Dan Cornell from Denim Group discussed security issues in one of the popular Web 2.0 technologies (8/29)