Tampa

Welcome to the OWASP Tampa Local Chapter
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by GuidePoint Security and ISC2.

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting
Our next meeting will be held on Wednesday, March 12 from 6 PM to 8 PM at GuidePoint Security in Downtown Saint Petersburg. We will have two presentations. The first, from Carl Brothers of F5 Networks is entitled Herding Cats. The second, from Ramece Cave of Solutionary is entitled The Enemy Within. Information on both presenters and their presentations is below.

The following is an agenda for our next meeting:  5:45 PM to 6:00 PM - Check-in 6:00 PM to 7:00 PM - Presentation 7:00 PM to 7:15 PM - Break 7:15 PM to 8:00 PM - Presentation 

Herding Cats - Carl Brothers, F5 Networks Ensuring that we can provide security and availability for on premise apps and cloud based apps, that are increasingly being accessed from uncontrolled devices feels like a never ending struggle to keep the cats in the corral. Let’s discuss the tools and approaches we can use to ensure that security <> decreased performance, revenue or customer satisfaction.

Carl Brother Biography Carl Brothers joined F5 as a Field Systems Engineer after many years of being an F5 customer. Carl's previous roles have ranged from operations to systems engineering at a top 30 e-tailer and a global manufacturing company. Carl has considerable experience with web-based and virtualization technologies, including Citrix, Microsoft and VMware.

'The Enemy Within - Ramece Cave, Solutionary Web Server Intel Correlation (might change the name). The presentation will discuss how and why web servers play a role in intelligence gathering and threat correlation. It will go over previous hacking campaigns and how data was leveraged for exploitation or exfiltration, and how compromised servers are being used.

Ramece Cave Biography Began working in information security in the Internet Abuse department at UUNET in 1999. Over the past 10 years have been focusing on forensics, reverse engineering, and malware analysis; in various incident response and SOC positions. Currently work as Research Analyst at Solutionary.

Meeting Location
Our next meeting will be held at the GuidePoint Security office in Downtown Saint Petersburg. The address is:

146 2nd Street North, Suite 206, Saint Petersburg, FL 33701

Cash only parking is available across the street in the Muvico parking lot.

Presentation Archives
OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides here

OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides here

OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides here

OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides here

OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides here

2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides here

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides here

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides here

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides here

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides here

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides here

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides here

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides here

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides here

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides here

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides here

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides here

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides here

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here