Sacramento

Charter
The Sacramento OWASP Chapter promotes the principles of OWASP in our local community with an emphasis on education, local networking opportunities, and fun.

Next Meeting - JUNE 26th
The next OWASP Sacramento meeting will be on Thursday June 26th at 6pm. The topic of this meeting will be Database security. This meeting will be hosted at EDS Medi-Cal in Rancho Cordova, CA. Food, beverage, and the presentation will be provided by Imperva. Please use the online RSVP form below or contact Mpetteys at caiso.com by 6/19/08 if you plan to attend. http://fs2.formsite.com/mpetteys/form790760465/index.html TOPIC

The presentation will be a live, educational demo to demonstrate and facilitate discussion of the top Database Security vulnerabilities. Corporate databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions in fines, lawsuits, and customer attrition. The good news is there are commonly used methods to attack databases. Attend this event to see a live Database hacking demonstration of SQL Injection and several other DB attacks.

SPEAKER BIO: Ryan Barnett – Director of Application Security Training
 * Understand the most prominent database security threats and how they are carried out
 * Know how to assess and mitigate database threats
 * Have a blueprint for implementing a comprehensive database protection
 * Free copy of the Scuba Database vulnerability scanning tool to help you analyze and identify database vulnerabilities, mis-configurations, unpatched software, unsafe processes, and weak passwords: the high risk security vulnerabilities that expose your databases to attack.

Shan Zhou joined Imperva in 2005 and serves as Security Engineer Manager for the Western United States. Shan has been involved in and is responsible for architecture, design, and implementation of Imperva’s largest customers.

Previously, Shan held similar positions at Sourcefire, the world leader in intrusion prevention technology. Sourcefire grew from an open source startup to raising $86 million dollars in its IPO. Prior to Sourcefire, Shan worked as Global Accounts Systems Engineer at Check Point Software Technologies, integrating Check Point’s security solutions into Fortune 50 companies worldwide.

Shan attended Drexel University majoring in Electrical Engineering. He also participates in various application and network security organizations.


 * LOCATION INFORMATION: Upon arriving at the main entrance, please ask for Robert Grill, office: 916-636-4392, cell: 916-997-9892. Any problems, please contact Matt Petteys, 916-873-4716
 * EDS Medi-Cal (map)
 * 3215 Prospect Park Drive
 * Rancho Cordova, CA
 * 95670

Local News
2008-04-03: Ryan C. Barnett from Breach Security presented "Passive Web Application Defect Identification"

2007-08-02: OWASP Sacramento is requesting votes for the preferred March topic using the following URL. OWASP Sacramento March Topic Survey. This meeting will be sponsored by Breach Security.

2007-11-29: [mailto:roman.hustad@yahoo.com Roman Hustad] from Foundstone presented "Web Application Hacking" to over 40 attendees.

2007-10-01: We have rescheduled the next meeting for November 29th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-08-30: Barmak Meftah from Fortify Software presented "Hack proof your Service-Oriented Architecture" to 15 attendees.

2007-07-15: We have rescheduled the next meeting for August 30th 2007. Please contact [mailto:mpetteys@caiso.com Matt Petteys] with questions or suggestions.

2007-07-01: OWASP Sacramento is requesting comments on future topics using the following URL. OWASP Sacramento Topic Survey

2006-06-27: OWASP Sacramento is planning a public presentation in late August 2007. Contact the [mailto:bobhome@dslextreme.com chapter leader] with questions or suggestions.

2006-05-18: OWASP Moves to MediaWiki Portal - 16:09, 18 May 2006 (EDT)

OWASP is pleased to announce the arrival of OWASP 2.0!

OWASP 2.0 utilizes the MediaWiki portal to manage and provide the latest OWASP related information. Enjoy!