OWASP Bay Area

Bay Area Chapter Board

If you want to know more about the OWASP Bay Area chapter then please mail below chapter leaders:

Chapter Meetings

Bay Area OWASP Chapter meetings are posted on our meetup!

Please visit http://www.meetup.com/Bay-Area-OWASP/ for all chapter event information.

Our next event

We hold regular events across the OWASP Bay Area.

Check out our meetup page for upcoming events: [https://www.meetup.com/Bay-Area-OWASP/

About OWASP Bay Area Chapter

Geographic Area of Bay Area Chapter

The ‘Bay Area’ is actually the San Francisco Bay Area in California, which is near other large towns that are across the bay from San Francisco such as Berkeley and Oakland, and south of San Francisco are San Mateo, Palo Alto, and the whole San Jose area. Currently, the Bay Area OWASP Chapter covers this whole geographic region.

Notes about OWASP presentations

OWASP presentations are geared for a technical audience. We are particularly interested in new approaches to tackling application security problems, defensive techniques for new technology in the application security space and lessons learned from developers and security professionals tackling application security. Please consider a wide breadth of topic areas and we can discuss if they should be tailored in a particular direction for the OWASP audience.

OWASP chapter presentations must not be sales pitches and must adhere to a vendor neutral approach to the topic.

Chapter Meetings

OWASP Bay Area Meetup - All events can be found here

About Presentation Events

Presentation events will feature 1 or more speakers discussing application security. These events will include a networking session, with drinks and food, before and after the event.

About OWASP Social Hours

The purpose of the OWASP social gathering is:

  • Informal security chat - the benefits of “hallway con” and security talk with others in the industry
  • Networking - meet other people in the field and industry
  • After work drinks - a nice break after a long work day

Note: These events won’t have any formal presentations. They’re meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events. https://www.owasp.org/index.php/Bay_Area

Is your organization interested in hosting an OWASP social hour in the bay area (San Francisco, South Bay, East Bay)? Contact [email protected]

Past Events

2018 Past Events

March 2018 - AppDynamics

• 6:30 - Doors open

• 7:00-7:30 - HUNT: Data Driven Web Hacking & Manual Testing (JP Villanueva)

• 7:35-8:05 - Detecting suspicious activity: Time-based analysis of DNS traffic (Barak Raz)

• 8:05-9:00 - Networking

March 2018 - Intuit

• 6:30 - Doors open

• 7:00-7:30 New Attacks Against Unencrypted Traffic (Travis Hassloch)

• 7:35-8:05 - “Offensive Defense” - The best defense is a good offense (Stephan Chenette)

• 8:05-9:00 - Networking

*Special Event* - February 2018 - HackerOne

Hacker Thursday - Mobile Application Security

*Special Event* - January 2018 - CircleCI

Hacker Thursday - Application Security Automation with OWASP ZAP 2.7.0

January 2018 - Smyte

• 6:30 - Doors open

• 6:45 - 6:55 News Bites (Lina)

• 7:00-7:30 - Simple is Better: Fighting Online Abuse with Rate Limiter

• 7:35-8:05 - Reporter -> P.I. -> Security Engineer - How Curiosity Led to an InfoSec Career (Tad Whitaker)

• 8:10-8:40 - XXE Vulnerabilities: From the Beginning Till Now (Ivan Novikov)

• 8:40-9:00 - Networking

2017 Past Events

*Special Event* - December 2017 - Shape Security

Hacker Thursday - Unorthodox Security Assessment: OSINT for Intelligent Attacks

Nutan Kumar Panda

December 2017 - Contrast Security

• 6:30 - Doors open

• 6:45-7:00 - Welcome

• 7:00-8:00 - Three Ways of Security (Jeff Williams)

• 8:00-9:00 - Networking and Giveaways!

November 2017 - Credit Karma

• 6:30 - Doors open

• 6:45-7:00 - News with Hardeep Singh

• 7:00-7:30 - Three Keys for SecDevOps Success (Frank Kim)

• 7:35-8:05 - TLS for Microservices (Michael Cline)

• 8:05-9:00 - Networking

*Special Event* - November 2017 - Credit Karma

Hacker Thursdays: Learn secure coding with a live tournament

Stephen Allor

*Special Event* - October 2017 - ShieldX Networks

Hacker Thursdays:- Dissecting Injection vulnerabilities

Matt Torbin

September 2017 - Distil Networks

• 6:30 Doors Open

• 6:45 - 7:15 “The Great Bot Gift Card Heist” - Kevin Bottomley

• 7:20 - 7:50 “Scaling Application Security with DevSecOps” - Abhay Bhargav

• 7:55 - 8:25 “The Struts Vulnerability” - Prashant Venkatesh

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Intuit

• 6:30 Doors Open

• 6:45 - 7:15 “Making Vulnerability Management Less Painful with OWASP DefectDojo” - Greg Anderson

• 7:20 - 7:50 “Crikey! Pirates Be Lurkin’ at the Single Sign-On Watering Hole” - Mike Hunter

• 7:55 - 8:25 “There’s a new sheriff in town; dynamic security group recommendations with Grouper and Dredge” - Kevin Glisson

• 8:25 - 9:00 Networking

• 9 Doors Close

September 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 “Introducing the OWASP Game Security Framework” - Daniel Miessler

• 7:30 - 8:10 “Motherhood, Mental Health, and a Career in CyberSecurity”

  • Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

*Special Event* - September 2017 - Lending Club

Web Application Penetration Basics

Ty Sbano

June 2017 - Lending Club

• 6:30 Doors Open

• 6:45 - 7:25 “Introducing the OWASP Game Security Framework” - Daniel Miessler

• 7:30 - 8:10 “Motherhood, Mental Health, and a Career in CyberSecurity”

  • Caroline Wong

• 8:10 - 9 Networking

• 9 Doors Close

May 2017 - Netflix (videos on youtube)

• 6:30 Doors Open

• 6:45 - 7:15 “All you email are belong to us: exploiting vulnerable email clients via domain name collision” - Ilya Nesterov and Maxim Goncharov

• 7:20 - 7:40 “Attacking & Defending DevOps” - Patrick Thomas

• 7:45 - 8:05 “LISA - Location Independent Security Approach” - Bryan Zimmer

• 8:05 - 9 Networking and Netflix OSS expo

• 9 Doors Close

April 2017 - Pandora (videos on youtube)

• 6:30 Doors Open

• 6:45 - 7:30 “Effective AppSec Metrics” - Caroline Wong

• 7:35 - 8:20 “IoT Exploitation 101” - Aditya Gupta

• 8:25 - 9:00 Networking

• 9:00 Doors Close

March 2017 (2) - Ebay

• 6:30 Doors Open

• 6:45 - 7:15 “Cracking Financial Systems” - John Menerick

• 7:20 - 7:50 “Hacking Mainframes” - Philip Young

• 7:55 - 8:25 “Hacking Smart Door Locks with Bluetooth Relay Attacks” - Mike Ryan

• 8:25 - 9 Networking

• 9 Doors Close

March 2017 - NetSpi

• 6:30 Doors Open

• 6:45 - 7:15 “Cracking Financial Systems” - John Menerick

• 7:20 - 7:50 “SQL Server Security” - Scott Sutherland

• 7:50 - 9 Networking

• 9 Doors Close

January 2017 (2) - Synack

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Panel Discussions

• 8:30+ Networking

• 9 Doors Close

January 2017 - Bleacher Report

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1

Robert Wood - Bringing Red Teaming to the Board Room

• 7:45 - 8:30 Talk 2

Rob Witoff - Security Automation With Immutable Infrastructure

• 8:30+ Networking

• 9 Doors Close

2016 Past Events

November (2) 2016 - Linkedin

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 (Rohit Pitke, Mukul Khullar - A walkthrough on AWS Security Pitfalls)

• 7:45 - 8:30 Talk 2 (Scott Behrens - Cleaning Your Applications’ Dirty Laundry With Scumblr )

• 8:30+ Networking

November 2016 - Salesforce

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 -Will Bengston and Travis McPeak - Jumpstart a Bandit Program in Your Organization

• 7:45 - 8:30 Talk 2 - Kuba Sendor (@jsendor), Yelp - “Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level”

September 2016 - Twitter

• 6:30 Doors Open

• 6:45 - 7:30 Talk 1 - Ron Hamilton, Performance Technology Partners (PTP)

• 7:45 - 8:30 Talk 2 - Luca Carettoni, LinkedIn Defending against Java Deserialization Vulnerabilities

June 2016 - Visa

6:30 - Doors Open

6:45 - Talk 1 - Secure by Default Stack: Web Application Security Infrastructure - Pritam Mungse, Visa

7:30 - Break

7:40 - Talk 2 - Research on HTTPS error storage policies, Adrienne Porter Felt, Google

8:30 - Networking

May 2016 - Thoughtworks

• 6:30 Doors Open

• 6:45-7:45 Chris Steipp,  Security Team - Wikimedia (How the Wikimedia Foundation promotes security in the open-source projects)

• 7:50 - 8:20 Michael Coates, TISO at Twitter & Kyle Randolph, Principal Security Engineer at Optimizely - Strategies for growing your AppSec team & influence

• 8:20+ Networking

April 2016 - Lending Club

6:30- Doors Open

6:40 - 7:15 - Joe Rozner, Richard Meester,  Prevoty - Sinking Your Hooks in Applications (from AppSecUSA 2015)

7:20 - 7:55 - Martin Vigo, Salesforce - Attacks on LastPass (from BlackHat 2015)

8:00 - 8:25 - Russell Sherman and Jonathan Carter, Lending Club –Adventures in Running Your Own CTF

February 2016 - RiskIQ

2015 Past Events

OWASP AppSecUSA was held in San Francisco in September, 2015 - the biggest OWASP conference to date!

Chapter meetings can be found on the meetup page

2014 Past Events

  • December 2014 - San Francisco @ Mozilla
    • OWASP Chapter Meeting in San Francisco hosted by Mozilla
    • Jasvir Nagra, Google - Firing Bots at Bugs
    • Sergey Shekyan & Bei Zhang, Shape Security - Headless Browsers Hide and Seek
  • August 2014 - San Francisco @ Lookout
    • OWASP Chapter Meeting in San Francisco hosted by Lookout
    • Paul McMillan from Nebula @PaulM - Attacking the Internet of Things using Time
    • Ben Hagen from Netflix @BenHagen
      • Cloud Security at Scale and What it Means for Your Application
  • May 2014 - Redwood City @ Evernote
    • OWASP Chapter Meeting in Redwood City hosted by Evernote
    • Arshad Noor - CTO, StrongAuth
    • Rich Tener - Director of Security, Evernote
  • March 2014 - San Francisco @ Stripe
    • OWASP Social Hour in San Francisco - Wednesday, Mar 12, 2014
    • Hosted by Stripe
  • Feb 2014 - San Jose @ Jillians
    • OWASP Developer Training & Social Hour - Monday 2/24/2013
    • Hosted by OWASP at Jillian’s Billiards Club
  • Feb 2014 - Special Free Training Event
    • OWASP is hosting a special security boot camp for all RSA attendees and local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.
    • Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top
      1. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
  • Jan 2014 - San Jose @ F5
    • OWASP Social Hour in San Jose - Wednesday 1/22/2013
    • Hosted by F5

2013 Past Events

  • Dec 2013 - San Francisco @ Twilio
    • OWASP Social Hour in San Francisco - Thursday 12/19/2013
    • Hosted by Twilio
  • Nov 2013 - San Francisco @ LendingClub
    • OWASP Social Hour in Mountain View - Wednesday 11/6/13
    • Hosted by LendingClub
  • Sept 2013 - Mt View @ Shape Security
    • OWASP Social Hour in Mountain View - Wednesday 9/25/13
    • Hosted by Shape Security
  • July 2013 - Berkeley @ University of Berkely
    • OWASP Presentation Meeting
    • An Empirical Study of Vulnerability Rewards Programs, Devdatta Akhawe
    • “Putting Your Robots to Work”, Twitter Security Team

Images

Recent meetup pics can be found here.


We organize a unique workshop stlye event called hackerdays.Follow this page for the next Hackerday announcement.


Please contact below OWASP Bay Area Chapter Leaders for anything related to chapter activities:-

Travis Mcpeak

A senior information security professional with 9 years of experience spanning people management, cloud security, application security, and automation for Netflix, IBM, HP, and Symantec.
 Travis’s open source experience includes serving as lead developer/architect on popular projects Repokid and Bandit. Apart from been part of OWASP Bay Area chapter leadership, In the past he has been involved in communities like OpenStack Security and the Cloud Foundry Security team. He has been a guest on several security-related podcasts and has been speaker at conferences AWS re:Invent, Black Hat USA, Enigma, AppSec Cali, BSides SF, and QCon SF. 
Travis has a MS in Information Assurance from Santa Clara University and a BS in Computer Science from CSU Long Beach.

Prashant k Venkatesh

Presently working as Staff Security and Threat Engineer at Kohls Department Stores.Prashant has overall 17 plus years of experience in Information security. He has been associated with OWASP for more than 10+ years in various capacities including been an Honorary member, founding organizer of OWASP Seasides conference, Call for papers reviewer at OWASP Indonesia conference and Bangalore chapter lead. He has spoken at various conferences like nullcon, c0c0n, Blackhat etc. He has Industry recognized certifications like OSCP, CISSP, CEH and CCSK. Prashant has BE in Electronics and Communications from Rajiv Gandhi University Bhopal, India.

Brendan Higgins

Presently working as Director of Information security at Pivotal(acquired by VMware) Brendan has more than twenty years of experience in Information security. He has worked in various capacity at various organizations like Adobe, Jetform etc. He is a CISSP and a thought leader in Cloud security and IAM domain. Brendan has BE in Industrial Engineering and Information Systems from National University of Ireland

Siddhartha Rao

A young information security professional currently working as a Senior Security Analyst at Cisco Systems. Siddhartha started his journey as a student and now has 5+ years of experience spanning incident response, monitoring and detection engineering, digital forensics, cloud security and vulnerability management. He has been a part of the OWASP Bay Area chapter for over 3 years and OWASP NYC for a year before that. He currently manages Bay Area chapter’s YouTube channel, and has organized meetups, served on the CFP/CFT committee of AppSec California, organized online CTFs and represented OWASP at BSides SF in the past. Siddhartha also mentors many students interested in pursuing a career in information security and holds industry recognized certifications like OSCP, GCIH, GCFA and CEH. He has a MS in Computer Science from Pace University, NYC and a BE in Computer Science from Vishwakarma Institute of Information Technology, Pune.

Previus Chapter Leaders

Leif Dreizler

Currently manages the Product Security Team at Segment where he partners with software engineering teams to help build security features. He enjoys helping others grow within the security community and helps organize multiple conferences and meetups. Leif has also spoken at various conferences and appeared on security podcasts.

Tad Whitaker

Presently working as Engineering Manager - Security at CircleCI Apart from being Integral part of the Bay Area OWASP chapter leadership group, Tad is a licensed private investigator and mentors many junior engineers. He is one of the founders of the Day of Shecurity workshop (dayofshecurity.com) designed at making it easier for women to enter the security domain. Tad is also an advisor to the HS(2) STEM program at Colorado Rocky Mountain School. Tad has a BS in Journalism from University of Wyoming

William Bengtson

Director, Threat Detection and Response at Hashicorp

Michael Coates

Founding CEO of Altitude Networks and former CISO of Twitter