Austin

Local News
If a link is available, click for more details on directions, speakers, etc. You can also review Email Archives to see what folks have been talking about

Next Meeting
When: December 4th, 2007, 11:30am - 1:00pm

Who: Jeremiah Grossman''' (WhiteHat Security, CTO, OWASP Founder, Security Blogger)

Topic: Business Logic Flaws

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem(s) with business logic flaws is scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend them. Plus, the more sophisticated and Web 2.0 feature-rich a website, the more prone it is to have flaws in business logic.

This presentation will provide real-world demonstrations of how pernicious and dangerous business logic flaws are to the security of a website. He’ll also show how best to spot them and provide organizations with a simple and rational game plan to prevent them.

Where: National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

Cost: Always Free

Questions or help with Directions... call: James Wickett at (512) 964 6227 or Scott Foster 512-637-9824.

Future Speakers and Events
January 29th, 2008 - Mark Palmer, Hoovers and Geoff Mueller, NI

February 26th, 2008 - Dan Cornell, Denim Group

March 25th, 2008 - OPEN

TRISC 2008 (San Antonio) April 20-23 ** Non-OWASP event, but worth checking out **

April 29th, 2008 - OPEN

May 27th, 2008 - OPEN

June 24th, 2008 - OPEN

Record Hall of Meetings
November 27th, 2007 Austin OWASP chapter meeting - Robert Hansen (SecTheory.com, ha.ckers.org and is regarded an expert in Web Application Security)

Robert will be talking about different ways to de-anonymize and track users both from an offensive and defensive standpoint. He will discuss how the giants of the industry do it and next generation tactics alike.

Whole Foods, 550 Bowie Street, Austin, TX 78703. Come to the Whole Foods plaza level and sign in with receptionist. See directions to Whole Foods.

October 2007 Austin OWASP chapter meeting  October 30th, 11:30am - 1:00pm at National Instruments "Social networking" - Social networking is exploding with ways to create your own social networks. As communities move more and more online and new types of communities start to form, what are some of the security concerns that we have and might face in the future? by Rich Vázquez, and Tom Brown.

September 2007 Austin OWASP Chapter September 2007  - Tue, September 25, 2007 11:30 AM – 1:00 PM at Whole Foods Meeting 550 Bowie Street, Austin "Biting the hand that feeds you" - A presentation on hosting malicious content under well know domains to gain a victims confidence. "Virtual World, Real Hacking" - A presentation on "Virtual Economies" and game hacking. "Cover Debugging - Circumventing Software Armoring techniques" - A presentation on advanced techniques automating and analyzing malicious code.

August 2007 Austin OWASP chapter meeting - 8/28, 11:30am - 1:00pm at National Instruments. Josh Sokol presented on OWASP Testing Framework and how to use it, along with free and Open Source tools, in a live and interactive demonstration of web site penetration testing.

July 2007 Austin OWASP chapter meeting - 7/31, 11:30am - 1:00pm at Whole Foods. Dan Cornell will be presenting on Cross Site Request Forgery

June 2007 Austin OWASP chapter meeting - 6/26, 11:30am - 1:00pm at National Instruments. James Wickett presented on OWASP Top 10 and using Web Application Scannners to detect Vulnerabilities.

May 2007 Austin OWASP chapter meeting - 5/29, "Bullet Proof UI - A programmer's guide to the complete idiot". Robert will be talking about ways to secure a web-app from aggressive attackers and the unwashed masses alike.

April 2007 Austin OWASP chapter meeting - 4/24, 11:30am - 1:00pm at National Instruments. H.D. Moore (creator of MetaSploit will be presenting)

March 2007 Austin OWASP chapter meeting - 3/27, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C which is the tallest building on campus (8 levels). There will be signs posted in the lobby to direct you where to go and the receptionists will be able to assist you as well. See directions to National Instruments.

January 2007 Austin Chapter Meeting - 1/30, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S15.

December Meeting - Due to the holidays, there will be no December OWASP meeting. However, we are looking for speakers for the January meeting. If you or anyone you know would be a good candidate, let us know! Happy Holidays!

November 2006 Austin Chapter Meeting - 11/21, 11:30am - 1:00pm at National Instruments, 11500 N Mopac, Building C Conference Room 1S14.

October 2006 Austin Chapter Meeting - 10/31 - Boo!

September 2006 Austin Chapter Meeting - 9/26, 12-1:00 at Texas ACCESS Alliance building located at the intersection of IH-35 South and Ben White

August 2006 Austin Chapter Meeting - Tuesday- 8/29, 11:30-1:30 on the National Instruments campus, Mopac B (the middle building), conference room 112 (in the Human Resources area to the left of the receptionist). See directions to National Instruments. Hint: It is on your left on Mopac if you were heading up to Fry's from Austin.

Austin OWASP chapter kickoff meeting - Thursday, 7/27, 12-2pm @ Whole Foods Market (downtown, plaza level, sign in with receptionist)

Presentation Archives
The following presentations have been given at local chapter meetings:


 * OWASP Testing Framework Austin OWASP Chapter August 2007 Josh Sokol Presentation


 * Single Sign On (7/27)


 * A Rough Start of a Toolset for Assessing Java/J2EE Web Apps (7/27) - MattFranz discussed some custom Python tools he has been writing for conducting security testing of a Struts (and other Java) web applications.


 * AJAX Security: Here we go again - Dan Cornell from Denim Group discussed security issues in the one the popular Web 2.0 technlogy (8/29)