Tampa

Welcome to the OWASP Tampa Local Chapter
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-tampa

If you have any questions about the Tampa chapter, please send an email to the chapter leader Justin Morehouse.

The Tampa chapter is sponsored by GuidePoint Security and ISC2.

Join the OWASP Tampa LinkedIn group here.

A reminder that CISSPs can earn 1 CPE credit for every hour of attendance at OWASP meetings.

Next Meeting
Our next meeting will be held on Thursday, March 19th from 6PM to 8PM.

Our first speaker will be Jeremy “Howie” Howerton from Checkmarx. Howie will be presenting Warning Ahead: Security Storms are Brewing in Your JavaScript. His abstract and bio are below.

Abstract JavaScript controls our lives ? we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language?

Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact of JavaScript vulnerability exploitation to the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their Web attack arsenal.

In this talk we explore the vulnerabilities behind JavaScript, including: - A new class of vulnerabilities unique only to JavaScript - Vulnerabilities in 3rd-party platforms which are exploited through JavaScript code - HTML5 is considered the NG-JavaScript. In turn, HTML5 introduces a new set of vulnerabilities

Bio Howie is a Senior Application Security Consultant for the award winning SAST solution provider Checkmarx (www.checkmarx.com) In his 15 year career he has worked with some of the largest organizations in the world to define and implement cutting edge security programs within a diverse set of corporate environments. In addition to his application-specific security knowledge, Howie has extensive knowledge and experience at the host, malware, and network security layers. Previous to his current responsibilities at Checkmarx Howie held similar roles with TippingPoint and FireEye. Outside of work, Howie enjoys playing with his two kids and is an avid fan of college basketball (specifically, the Kentucky Wildcats).

Meeting Location
Our next meeting will be held at the GuidePoint Security office in Downtown Saint Petersburg. The address is:

146 2nd Street North, Suite 206, Saint Petersburg, FL 33701

Cash only parking is available across the street in the Muvico parking lot.

Presentation Archives
OWASP Tampa Day 2014 - Shadow IT Does Not Have To Be Shady - Scott VanWart - Presentation Slides here

OWASP Tampa Day 2014 - Offensive Mobile Forensics - Joey Peloquin - Presentation Slides here

OWASP Tampa Day 2014 - OWASP Top 10 for MVC 4 and Greater - James Davis - Presentation Slides here

OWASP Tampa Day 2014 - Application Centric Mobile Application Security Model - Daniel Bender - Presentation Slides here

OWASP Tampa Day 2014 - Intern down for what? - Tony Turner - Presentation Slides here

2014-Q3 - Do we really know the OWASP Top 10? - Jon Singer - Presentation Slides here

2014-Q1 - Herding Cats - Carl Brothers - Presentation Slides here

2014-Q1 - The Enemy Within - Ramece Cave - Presentation Slides here

OWASP Tampa Day 2013 - Securing Your Applications' Data With Web Application Firewalls - Dennis K. Usle - Presentation Slides here

OWASP Tampa Day 2013 - Bring Your Own Service - Doug Maul - Presentation Slides here

OWASP Tampa Day 2013 - Design Consideration & Guiding Principles for Implementing Cloud Security - Bill Sterns - Presentation Slides here

OWASP Tampa Day 2013 - Let's Get Right To The Endpoint - Mel Pless - Presentation Slides here

OWASP Tampa Day 2013 - Vulnerability Management That Works - Tony Turner - Presentation Slides here

2012-Q3 - Taming the B.E.A.S.T. - Richard Newman - Presentation Slides here

OWASP Tampa Day 2012 - Changing the Game - Jason Kent - Presentation Slides here

OWASP Tampa Day 2012 - MDM Technical Presentation - Keith Katz - Presentation Slides here

OWASP Tampa Day 2012 - Federated Identities in the Real World - Nathan Sargent - Presentation Slides here

OWASP Tampa Day 2012 - Define and Optimize Your Approach to Application Security - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2012 - Anonymous: Lessons Learned - Bill Church - Presentation Slides here

2012-Q1 - Protecting Against SQLi in Real-Time - Stuart Hancock - Presentation Slides

2011-Q4 - How Not to Build Android Apps - Jack Mannino - Presentation Slides here

2011-Q4 - Behind Enemy Lines: Practical & Triage Approaches to Mobile Security Abroad - Justin Morehouse - Presentation Slides here

2011-Q3 - Hiding in Plain Sight - Ramece Cave - Presentation Slides here

2011-Q3 - PCI Compliance 2.0 - Kate Mullin - Presentation Slides here

OWASP Tampa Day 2011 - PCI for Developers: Lessons from the Real World - Trevor Hawthorn - Presentation Slides here

OWASP Tampa Day 2011 - Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them - Rinaldi Rampen - Presentation Slides here

OWASP Tampa Day 2011 - How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams - Bruce Jenkins - Presentation Slides here

OWASP Tampa Day 2011 - Analysis of Deadly Combination of XSS and CSRF - Sherif Koussa - Presentation Slides here

2011-Q1 - Real Lessons of Deploying Static Analysis in Development Groups - Jeff LoSapio - Presentation Slides here

2011-Q1 - Intelligence Gathering for Penetration Testers: Opening Doors with Metadata - Chris Patten - Presentation Slides here

2011-Q1 - Vulnerability Management in an IPv6 World - Richard Newman &amp; Brett McKinney - Presentation Slides here

2010-Q4 - Nessus Bridge for Metasploit - Zate Berg - Presentation Slides here

2010-Q2 - Stealing Guests...The VMware Way - Justin Morehouse &amp; Tony Flick - Presentation slides here

2010-Q1 - The New World of Smartphone Security - Trevor Hawthorn - Presentation slides here

2009-Q3 - Hacking the Smart Grid - Tony Flick - Presentation slides here

2009-Q2 - Open SAMM - Zate Berg - Presentation slides here

2009-Q1 - XSS Anonymous Browser - Matt Flick - Presentation slides here

2008-Q4 - Google Code Search : The pitfalls of Copy/Paste - Tony Flick - Presentation slides here