Atlanta Georgia

Local News
2009 was a great year aimed at re-generating some interest for the OWASP movement. We hope to build on this in 2010 and need some help in doing so. If you have some extra cycles and would like to submit a proposal for speaking or hosting a workshop, please don't hesitate to contact us (see Chapter Leads tab below). This year, we hope to see some new faces and would like to get the year started by talking about the new OWASP Top Ten and how to apply them within your application development, testing, or assessment efforts.

On behalf of the chapter, I would like to solicit your financial support of chapter via a tax deductible membership for a great non-profit organization which aims to elevate web application security. Please note that other chapters have the luxury to charge their members for attending some of their meetings. We hope that you find historical and future meetings to be of value and show support via a member based contribution. To contribute to OWASP-Atlanta, go here: Atlanta Georgia

Latest News
We have two meetings this month, one on 12th February by Joseph Gersch (Secure64) on DNS Security & the next one on February 25th, 2010 by Nick Chapman (Secure works) on Embedded Malicious Javascript. Please check the Chapter Meetings tab for more information.

Staying in Touch
New OWASP Atlanta Linkedin Group. For those addicted to LinkedIn, we have a group you can further feed your addiction. The OWASP Atlanta Chapter. http://www.linkedin.com/groups?home=&amp;gid=1811960&amp;trk=anet_ug_hm

Register for the OWASP Atlanta Mailing List by signing up here: http://lists.owasp.org/mailman/listinfo/owasp-atlanta

OWASP Atlanta Supporters
Thanks to the following list of official sponsors and supportive organizations for their financial contributions and resource support.


 * Georgia Tech Information Security Center: [[Image:GTISC logo2.jpg]]
 * Fortify: [[Image:Fortify.jpg]]

2009 OWASP Atlanta Member Survey
The Atlanta OWASP Member Survey has come and gone. Thanks to all those that responded. A subset of the results is shown below in the form of top ranking security topics that members wish to see in 2009. More detailed results will be provided and discussed briefly during our first meeting, April 2nd, 2009.

12th of Feb Meeting
WHAT:: Protecting your DNS from the Kaminsky Attack or "Implementing DNSSEC without losing your mind"

WHEN:: February 12, 2010 6-8pm

WHERE:: Room 1212, Klaus Advanced Computing Building, Georgia Tech :: Web :: Google Maps ::
 * Parking spots: Parking Map - Physics building (Area 4)
 * Campus Bus: Tech trolley runs between Midtown Marta and the venue

WHO:: Joe Gersch, COO of Secure64 SW Corp

ABSTRACT:: When DNS answers are spoofed by attackers, everything on your network is immediately vulnerable. the web, email, app servers, everything. This talk will outline how to protect DNS servers from being poisoned and will explain operational details of DNSSEC and how to implement it with both manual and automated techniques.

RSVP:: http://tr.im/owasp_atl_12feb (Redirects to LinkedIn)

COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.

25th of Feb Meeting
WHAT:: Embedded Malicious Javascript

WHEN:: February 25, 2010 6-8pm

WHERE:: Room 1447, Klaus Advanced Computing Building, Georgia Tech :: Web :: Google Maps ::
 * Parking spots: Parking Map - Physics building (Area 4)
 * Campus Bus: Tech trolley runs between Midtown Marta and the venue

WHO:: Nick Chapman, SecureWorks

ABSTRACT::  This talk will cover malicious JavaScript currently being used in the wild. It will start with the big daddy of embedded malicious JavaScript, Asprox, which last year gave rise to panicked headlines like "100,000s of websites compromised" and continuing through more recent samples such as the fake Yahoo Counter and the recent MS09-002 exploits. We will look at attack vectors, obfuscation techniques, and multi-stage delivery systems, and exploits used. This will feature the analysis of several samples harvest from the wilds of the Internet.

Bio: My name is Nick Chapman. I'm a security researcher with the SecureWorks Counter-Threat Unit. Prior to focusing on security issues full time, I worked as both a System Administrator and Network Engineer in the ISP world.

RSVP:: http://tr.im/owasp_meeting

COST: No costs, but all donations will be accepted as it helps pay for meeting related materials and provisions. Best way to support the chapter is to become a member.

Past Meetings
Jan 2010 - Owasp Top 10

Oct 2009 - Security Religions & Risk Windows (Jeremiah Grossman)

Sept 2009 - Securing WebServices

Aug 2009 - ISSA Event

June 2009 - OWASP LIVE CD Workshop

Apr 2009 - Filter Evasion Techniques (Workshop)

Apr 2009 - Chapter Rebirth meeting

Atlanta ISACA OWASP Meeting 03.27.09

Atlanta Leadership Meeting 03.05.09

Atlanta Leadership Meeting 02.26.09

Atlanta OWASP May 2007 Meeting

Atlanta OWASP December 06 Social

Atlanta OWASP April Meeting

Chapter Meeting March 29th 2006

October 26th Meeting

April 27th, Chapter meeting a SUCCESS!

March 30th, 2005

February Meeting

June 2005

Atlanta Georgia OWASP Chapter Leaders

 * Tony UcedaVelez - Chapter Lead
 * Charles Burke - Meeting Chairperson
 * Shauvik Roy Choudhary - Marketing Chairperson