Houston

=Upcoming Events=

Monday August 22, 2016 at 6:30PM
We will meet at the NetIQ offices from 6:30-8:30PM on Monday, August 22, 2016.

August speaker and topic - Roger Huebner, Corporate Architect/Distinguished Engineer at NetIQ, will be speaker on Docker and containers. Since so many developers are adopting this approach to deployment and operations teams are also embracing this growing trend, it is important to learn about it so that we can help secure these application containers as well.

Monday September 19, 2016 at 6:30PM
Title: Web App Testing Stats Compared to The OWASP Top 10

Description:

For over seven years, Cigital has performed high volumes of application security assessments through the Cigital Assessment Center (CAC). Over that time the CAC has accumulated a large amount of data that provides helpful insights into software security practices. We’ll present the most common web application security vulnerabilities identified over one year by the CAC, contrasting our findings with one of the industry’s leading benchmarks, the OWASP Top 10.

Bio:

Joel Scambray is a Principal at Cigital, a leading software security consulting firm established in 1992. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, business leader, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Amazon, Costco, Softcard, and Ernst & Young.

Monday October 17, 2016 at 6:30PM
Title: Is Your Vulnerability Management Program Evolving? Introducing the Vulnerability Management Maturity Model – VM3

Speaker Name: Gordon MacKay

Presentation Abstract:

Vulnerability management (VM) solutions and products that are central to every information security program contain a serious “hidden” flaw. This software flaw is interleaved within pattern matching-like algorithms located deep within the foundational core of the most widely used automated VM solutions on the market. As a direct consequence of this flaw, even though these products report a certain level of network security risk, the metric upon which their calculations are based is skewed, resulting in an unintentional gap between the products’ intended information risk measurement and the erroneous measurement actually reported. This session covers the technical details of the referred to hidden flaw, its consequences and what you can do to limit your exposure.

Speaker Bio

Gordon MacKay, CISSP, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology. MacKay has presented at numerous security related conferences, including Bsides Austin 2016, BSides San Antonio 2016, BSides Dallas 2015, RSA 2013, ISC2 San Antonio, ISSA Houston, ISACA San Antonio, and has been featured by top media outlets such as CIO Review, FOX Business, Fox News, Softpedia, IT World Canada and others. He holds a Bachelor's in Computer Engineering from McGill University. He is a Distinguished Ponemon Institute Fellow.

=Past Events=

Monday July 18, 2016 at 6:30PM
Michael F. Angelo, CRISC, CISSP | Chief Security Architect at Micro Focus | NetIQ Corporation went over Threat Modeling basics and philosophy as well of some of the tools that he uses. We had a solid turnout and a great deal of audience participation and discussion.

Monday June 20, 2016 at 6:30PM
We met at the NetIQ offices from 6:30-8:30PM on Monday June 20, 2016 to restart the chapter and had a great turnout.

Meeting Agenda:

1. Introductions of all attendees to gain a solid understanding of backgrounds, interests, and what people would like to learn about.

2. Upcoming security related conferences - LASCON in Austin, Cyber Texas in San Antonio

3. Major OWASP Projects that have been updated recently or currently being worked on: OWASP Top 10 - 2016 Data Call discussion question review. Proactive Controls, ASVS 3, Developer Guide reboot, OpenSAMM, WAFEC updates, OWASP Testing Guide, WebGoat 7

4. Discussion about possible study groups that we want to start having. For example, CISSP or CSSLP certification preparation, Hacking-Live CD interactive sessions. OWASP ZAP workshop (leveraging bodgeit, WebGoat, and Security Shepherd), other books or projects people would like to pursue.

5. Topics that people would like to see discussed at the next meeting and how often they would like to meet. Ideally, we could meet once a month for the normal meeting and then at least twice a month for study groups. This has been very successful for the Austin chapter.

February 20th 2014 at 6PM
Greetings,

We have a new venue sponsored by TXRX Labs. If you haven't been to TXRX labs its 16,000-square-foot hacker space on the east side of downtown. They provide educational classes like Intro to LinuxCNC and host recreational programming events. They also have classes on knitting, welding, soldering, bike repair, and pancakes. This is a great space for learning in Houston and that's why we're exploring its use for OWASP workshops.

Our first Workshop topic for 2014 will be an introduction to Metasploit led by Dennis Maldonado(@DennisMald).

Dennis is a security enthusiast/researcher with an interest in web application security and how web application vulnerabilities can be used to gain a foothold into the network.

Dennis will be hosting a workshop on Metasploit and how it can be utilized for web application security assessments. If you haven't been to an OWASP Houston Workshop before, you are encouraged to bring a laptop to follow along with the presentation, ask questions, and test out concepts.

Reception 6PM-7PM

Presentation 7PM-8PM

Questions/Audience Participation 8PM-9PM We will update this event to include more details as we confirm them.

TXRX Labs 205 Roberts St, Houston, TX

www.txrxlabs.org

RSVP at http://www.meetup.com/OWASP-Houston/events/163900402/

Thank you,

OWASP Houston

Thursday, August 15, 2013 at 6:00 PM
You Hear Me Now? Leveraging Mobile Devices on Pentests Sheraton Suites Houston Galleria 2400 West Loop S, Houston, TX Details

Thursday, September 19, 2013 at 6:00 PM
Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year. Details

Thursday, October 17, 2013
1706 Yorktown St, Houston, TX Please join us for another OWASP Houston workshop. This will be a hands on exercise in security topics. Details

Friday, November 15, 2013
Sheraton Suites Houston Galleria 2400 West Loop S, Houston, TX More details will be added. This will be the last meeting of the 2013 year for OWASP Houston. We will not be meeting in December. Details

Thursday, February 21, 2013 at 6PM CST
Please join us for our May Mini-Con, 6PM May 16th, at the Sheraton Suites, 2400 W. Loop South, Houston, Texas 77027. We're trying a new location this time. This is a free event, but space is limited. We will be providing food and beverage. Please register for a ticket to confirm your space at the event. If tickets are unavailable, we will have some standing room. We are pleased to annnounce the speakers and topics of the evening... Catching Flies with Mr Miyagi: Web Application Testing Techniques by Kevin Johnson In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques. Stop being the kid moved from NJ and dropped into a cruddy apartment. Learn the wax on/off of testing modern web applications. Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA. WTF, WAF Testing Framework by Terry Ray Terry Ray will be presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. The methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. He will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment. When and Where? Thursday, May 16th from 6PM-9PM Sheraton Suites 2400 W. Loop South Houston, Texas 77027 For Directions: (713) 586-2444 Seating is limited, so please read these directions carefully: RSVP'ing on meetup.com will not guarantee entry to the event. This is a limited capacity event. If you would like to guarantee the availability of a seat please reserve a ticket with Eventbrite @ Reserve a Ticket

Thursday, March 14, 2013 at 6PM CST
Sponsors: Imperva - Business Security Solutions - Complete Data Security Alert Logic Brings Network Security & Cloud Security Services to You Please join us for an OWASP Houston March Happy Hour. More details coming soon. When: Thursday, March 14, 2013 at 6PM CST Where: Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098 Phone: (713) 533-1199

Thursday, February 21st, 2013 at 6PM CST
Sponsors: Imperva - Business Security Solutions - Complete Data Security Alert Logic Brings Network Security & Cloud Security Services to You Please join us for an OWASP Houston March Happy Hour. More details coming soon. When: Thursday, February 21st, 2013 at 6PM CST Where: Westin Galleria, Imperial Suite

Thursday, January 31st at 6PM
Sponsored by: Imperva and AlertLogic Join us for an OWASP Houston Workshop. During this workshop, attendees will be lead through the process of discovering and reporting vulnerabilities. We will start by reviewing source code for common vulnerabilities. Once we identify interesting code, we will test the application to confirm our findings. Finally, we will discuss reporting. If you would like to participate please bring your laptop. You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. We will have members helping with virtual machine configurations and assistance. If you just want to watch, that's fine too. We look forward to your attendance. Sponsored by: Imperva, Alert Logic When: January 31st 2013 (Thursday 6PM - 8PM) Where: Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098 Phone: (713) 533-1199

OWASP Houston Kick-Off Meeting (Nov. 19th)
We'll be reviewing survey results and trying to finalize some details like when and where to hold our meetings. If you want to get involved with OWASP Houston now is the time. Sponsored by: Imperva, Alert Logic When: November 19th 2012 (Monday 6PM - 8PM) Where: Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098 Phone: (713) 533-1199

=Sponsors= Imperva - Business Security Solutions - Complete Data Security Alert Logic Brings Network Security & Cloud Security Services to You Solid Border | Network Security Reseller Barracuda Networks Stach & Liu Netflix - Watch TV Shows Online, Watch Movies Online Secure Ideas -- Professionally Evil

=RSVP=

RSVP
Please RSVP via the Eventbrite link listed for the event you'd like to attend.

=Sponsorship Opportunities=

Sponsorship Opportunities
We're always looking for sponsors to help us provide the highest quality experience for our attendees. For sponsoring OWASP Houston we will list your name on our site, mention your sponsorship in all announcements on the mailing list, send us a banner and we'll hang it at the event, and send you some pictures. If you'd like to send someone to attend the event we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event consider sponsoring a few.

Opportunity #0 - Workshops
We are currently mapping out workshops for 2016 and 2017. These will be meetings dedicated to hands on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or mini-ctf. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 dollar commitment.

Opportunity #1 - Happy Hour Meeting
We have not yet scheduled any happy hour meetings for 2016 or 2017, but we are actively considering dates. These will be social meetings where attendees build a local security community. We estimating the need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else.

Opportunity #2 - Formal Presentation Meeting
We normally have one or two speakers at each formal presentation meeting. Sometimes the presenter is from out of state, so we try to defer some of their travel expenses. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses.

Opportunity #3 - OWASP Presenter Sponsorship
Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers traveling expenses may vary but with a $1,200 donation we think we can handle the rest.

=Call for Papers=

Call for Papers
We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org.

=Local News=

Local News
Worthwhile information.