Difference between revisions of "Atlanta OWASP May 2007 Meeting"

(Atlanta OWASP May 2007 Meeting')
 
 
Line 61: Line 61:
 
    
 
    
 
   
 
   
Here is map quest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address  
+
Here is map quest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address
+
 
+
 
+
 
+
 
+
 
+
'''Atlanta OWASP December 06 Social'''
+
 
+
Atlanta OWASP December 06 Social
+
Five Seasons Brewing
+
 
+
 
+
'''Atlanta OWASP April Meeting'''
+
 
+
Atlanta OWASP April Meeting
+
Presents
+
Secure Code Reviews
+
Wednesday April 26th 6:30pm - 8:30pm
+
Suntrust
+
250 Piedmont Ave
+
Atlanta, GA 30338
+
 
+
Directions: Look for information on directions later.
+
+
This meeting is open to public and admission is free. Parking in the vicinity is $3 to $4.
+
 
+
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and       
+
contributions to web application security.
+
 
+
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
+
 
+
Please RSVP for this event. Send email to cburkeinga@hotmail.com and sign up for the mailing list above.
+
 
+
Keynote Speaker
+
 
+
Dean H. Saxe, CEH
+
Senior Consultant
+
Foundstone Professional Services
+
A Division of McAfee
+
Strategic Security
+
Foundstone Role
+
 
+
Dean is a Senior Consultant at Foundstone. He is responsible for conducting web application penetration testing, threat modeling,
+
code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Additionally, Dean 
+
provides client education services as a lead instructor of the Building Secure Software, Writing Secure Code: Java/J2EE, and Writing
+
Secure Code: ColdFusion courses.
+
 
+
Experience
+
Dean has nine years of software development experience in a variety of industries, including banking, education and QC. Since 2001,
+
he has focused on secure software development and web application security. Prior to working at Foundstone, Dean held the position
+
of Manager of web Application Security for a corporate cash-management ASP.
+
 
+
Dean co-founded and remains active in the Atlanta ColdFusion User Group (ACFUG) and is an active member of the Open Web Application 
+
Security Project (OWASP) Atlanta Chapter.
+
 
+
 
+
'''Chapter Meeting March 29th 2006'''
+
 
+
Atlanta OWASP March Meeting Presents Computer Forensics Introduction ASP.Net Security Topics
+
 
+
Wednesday March 29th 6:30pm - 8:30pm
+
Digital Insight Corporation
+
Sales Headquarters
+
5720 Peachtree Pkwy.
+
Norcross, GA 30092
+
 
+
This meeting is open to public and admission/parking is free.
+
 
+
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
+
contributions to web application security.
+
 
+
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
+
 
+
You must RSVP to attend this event. Send email to: [mailto:owasp-atlanta@lists.sourceforge.net owasp-atlanta@lists.sourceforge.net]
+
Also, Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
+
 
+
Keynote Speakers
+
+
David Bendon, CFCE, CISSP, EnCE
+
 
+
David is on the computer forensics team of a Fortune 25 company. Prior to joining the private sector David was the Chief Forensics 
+
Computer Specialist for the Georgia Bureau of Investigation (GBI), and a supervisor with their Internet Crimes Against Children 
+
Taskforce. While at the GBI, he worked on such high profile cases as the Hope Scholarship case, the Derwin Brown homicide case and
+
the hacking cases of a major university. The has also testified as an expert witness in numerous jurisdictions throughout Georgia. 
+
David is the founder and primary admin of the largest vendor neutral computer forensics portal called http://www.forensicsexams.org.
+
He is cofounder and VP of the Cybercrime Summit Group, a non-profit organization that runs the Cybercrime Summit (an international 
+
computer forensics/security conference held annually in Atlanta, GA. David is also certified as a CFCE, CISSP and EnCE.
+
 
+
Mohamoud Ibrahim, Senior Developer, The Home Depot
+
 
+
Mohamoud is a Senior Developer for The Home Depot with 12+ years of software development experience. He has experience developing
+
enterprise applications & web services in many development environments and languages including Java and ASP.NET. Mohamoud will
+
discuss developing secure web services in ASP.NET.
+
 
+
Charles Burke, SCJP, CISSP Senior Consultant InfoSec Integrators
+
 
+
Charles is the Atlanta OWASP Chair. He will discuss new security features in ASP.Net 2.0.
+
 
+
 
+
'''October 26th Meeting'''
+
 
+
Atlanta OWASP October Meeting Presents Web Application Assessments
+
 
+
Wednesday October 26th 7:00pm - 8:30pm
+
Vigilar, Inc. - Atlanta, Georgia
+
900 Ashwood Parkway
+
Suite 290
+
Atlanta, GA 30338
+
 
+
Directions http://www.vigilar.com/directions.html
+
This meeting is open to public and admission/parking is free.
+
 
+
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
+
contributions to web application security.
+
 
+
Who Should Attend - anyone interested in Web Application Security (managment, security architects, developers, etc)
+
 
+
Please RSVP for this event. Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
+
 
+
Keynote Speaker Eric Ahlm
+
 
+
Director of Emerging Technologies
+
 
+
Certifications
+
 
+
CISSP Certified Information Systems Security Professional
+
 
+
PMI Project Management Institute
+
 
+
SCSP Symantec Certified Security Professional
+
+
Experience
+
Eric Ahlm brings to the company ten years of experience in information technology, five of which were dedicated to information 
+
security. As Vigilar’s Director of Security Architecture, Ahlm’s primary role is to evaluate new security technologies and consult
+
with clients who are looking to solve security challenges. He also runs Vigilar’s evaluation labs and works with hundreds of
+
security products to find the best solutions for Vigilar’s clients’ security challenges.
+
 
+
Prior to Vigilar, Ahlm worked for various security consulting firms and was a Regional Manager for Symantec Worldwide, an
+
information security firm that provides a broad range of software, appliances and services to help companies secure and manage their 
+
IT infrastructures. While at Symantec Worldwide, he was responsible for managing the company’s enterprise security line.
+
 
+
In addition, Ahlm has written numerous whitepapers published on security topics, participated as keynote speaker at various security 
+
conferences, and consulted with top companies in the United States. His areas of interest and study is in hacking techniques,
+
penetration testing, and working with security professionals to discover new exploits and proof of concept tools to help clients
+
tighten their security.
+
 
+
Ahlm holds a B.S.E.E.T. (Bachelor of Science Electrical Engineering Technologist) from Devry University.
+
 
+
'''October 26th Meeting'''
+
'''April 27th, Chapter meeting a SUCCESS!'''
+
 
+
'''April 27th, Chapter meeting a SUCCESS!'''
+
 
+
Atlanta OWASP Apil Meeting/Social was a success.
+
Thanks to Chip and William for there presentations and also to Thoughtmill for sponsorship.
+
 
+
April 27th Join Us for Pizza and Security Discussions
+
Security risk faced at each application Layer - Willam Vestal of Thoughtmill
+
SQL Security discussion - Chip Andrews of SQL Security
+
Wednesday April 27th 7:00pm - 8:00pm
+
PLEASE RSVP to owasp-atlanta@lists.sourceforge.net
+
Meeting host:
+
Thoughtmill
+
3155 Royal Dr.
+
Alpharetta, GA 30022
+
 
+
From 285/400: go 11.2 miles North / Exit Right onto HAYNES BRIDGE RD - go 0.6 miles / Left on NORTH POINT PKWY - go 1.5 miles / Right
+
on ROYAL DR - go 0.6 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick bldg on the right)
+
 
+
[http://maps.yahoo.com/dd_result?newaddr=I+285+At+State+Hwy+400&taddr=3155+Royal+Drive&csz=atlanta%2C+ga&country=us&tcsz=Alpharetta%2C+GA+30022&tcountry=us&tname=ThoughtMill Map]
+
 
+
From 400 north of Old Milton: GA-400 SOUTH / Take exit #10 OLD MILTON PKWY / Left on OLD MILTON PKY - go 0.7 miles / Right on NORTH 
+
POINT PKY - go 0.7 miles / Left on ROYAL DR - go < 0.1 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick
+
bldg on the right)
+
 
+
[http://maps.yahoo.com/dd_result?newaddr=&taddr=3155+Royal+Drive&csz=cumming%2C+ga&country=us&tcsz=Alpharetta%2C+GA+30022&tcountry=us&tname=ThoughtMill Map]
+
 
+
'''March 30th, 2005 - Next Meeting'''
+
 
+
Atlanta OWASP March Meeting Presents Advanced Live Hacking:
+
Methodologies and Demonstrations of Web Application Hacks
+
Wednesday March 30th 7:00pm - 8:00pm
+
Home Depot Store Support Center
+
2455 Paces Ferry Road
+
Atlanta GA
+
 
+
This meeting is open to public and admission/parking is free.
+
 
+
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and
+
contributions to web application security.
+
 
+
Who Should Attend - anyone interested in Web Application Security (managment, security architects, developers, etc)
+
 
+
You must RSVP to attend this event. Register to OWASP Atlanta mailing list at:
+
http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
+
 
+
Keynote Speaker Caleb Sima
+
Co-founder, Chief Technology Officer, Director of SPI Labs
+
S.P.I. Dynamics Incorporated
+
 
+
Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in web application security assessment and
+
testing. Caleb is responsible for directing the lifecycle of the company’s web application security solutions and is the director
+
of SPI Labs, the renowned application security research and development group within SPI Dynamics. Here, he leads a team of
+
accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and
+
exploits.
+
 
+
Caleb has been engaged in the Internet security arena since 1996, a time when the concept of Internet security was just emerging.
+
Since then, he has become widely recognized within the industry as an expert in penetration (pen) testing (testing a company’s
+
network security for critical flaws), and for identifying emerging security threats. In early 2000 Caleb co-founded SPI Dynamics
+
and helped define the direction the industry has taken. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security
+
Systems, Inc. (ISS), an industry pioneer and global leader in Internet security. Caleb was a member of ISS’ elite X-Force research
+
and development team, led the creation of the first pen testing team and drove enterprise security assessments for the company.
+
Caleb began his security career as a security engineer for S1 Corporation. In this role, he was responsible for testing the security
+
of software products for the banking and finance industries. Additionally, he was in charge of security for S1’s Datacenter, which
+
managed the data transfer and security of some of the world’s leading financial institutions.
+
 
+
Caleb’s engineering exploits have gained media attention in publications such as the New York Times and the Washington Post. He has
+
also contributed to Baseline Magazine and was featured, along with the ISS X-Force, in US News and World Report and Security World
+
Magazine. A frequent speaker at industry events and tradeshows, Caleb’s most recent appearances include RSA 2004, the 2003 SouthEast
+
CyberCrime Summit, Comdex 2003, Information Systems Security Association (ISSA), and the 2002 Cyber Security in the Financial
+
Services Sector Executive Summit. Caleb is also a member of ISSA and is one of the founding visionaries of the Application 
+
Vulnerability Description Language (AVDL) standard within OASIS.
+
 
+
The SSC is located at:
+
2455 Paces Ferry Road
+
Atlanta, GA 30339
+
Going West on 285, Paces Ferry is about 2-4 miles west of 75
+
 
+
 
+
'''February Meeting'''
+
 
+
Our February Meeting was the first official Atlanta OWASP event.
+
It was a Huge success!
+
Click the links below to see the slides for each presentation:
+
+
[http://www.owasp.org/docroot/owasp/misc/AtlOWASP2005-Charles_Burke_WebSvcSecurity.ppt Web Services Security Intro - Charles Burke]
+
 
+
 
+
'''June Meeting - 6/29 @ 7PM'''
+
 
+
Atlanta OWASP June Meeting
+
 
+
Advanced SQL Injection
+
Exploiting SQL injection on MySQL, generic UNION exploit
+
and using SQL Injection to gain complete access to a server.
+
 
+
Wednesday June 29th 7:00pm - 8:00pm
+
 
+
SPI Dynamics Headquarters
+
115 Perimeter Center Place, N.E.
+
Suite 1100
+
Atlanta, GA 30346
+
 
+
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
+
contributions to web application security.
+
 
+
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
+
This meeting is open to public and admission/parking is free.
+
Directions: http://www.spidynamics.com/aboutspi/contact/directions.html
+
 
+
You must RSVP to attend this event.
+
 
+
Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
+
 
+
Keynote Speaker: Shiroy Choksey
+
Intern, SPI Labs
+
S.P.I. Dynamics Incorporated
+
 
+
Shiroy Choksey is an intern for SPI Dynamics, the expert in Web application security assessment
+
and testing. His internship with the company is currently with SPI Labs, the renowned
+
application security research and development group within SPI Dynamics. Here he assists a
+
team of accomplished security experts in their research who have received worldwide
+
recognition for the identification of security vulnerabilities and exploits.
+
Prior to joining the SPI Labs team as an intern, Shiroy completed his Bachelor of Engineering in
+
Information Technology with highest honors, from Pune University, India. He is pursuing a
+
Masters in Information Security from the Georgia Institute of Technology’s Information Security
+
Center (GTISC). At GTISC, he extensively researches SQL Injection techniques and built his
+
own SQL Injection tool with support for generic database exploitation and IDS evasion.
+
Shiroy is a recipient of several prestigious awards including the American Alumni Student
+
Award, a distinguished award presented to ten Indian students, the J. N. Tata Scholar Award for
+
exemplary academic achievement awarded to selected Indian students, and the Nirenski Study
+
Award that is awarded for consistent outstanding academic performance in school. In addition,
+
Shiroy is a talented musician, playing the piano and the guitar, and has received numerous
+
awards for best speaker at debate competitions throughout his academic career.
+
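Review bot: The added archive block repeats several headings back to back and should be deduplicated before it is saved: '''October 26th Meeting''' appears a second time directly above the April 27th entry, '''April 27th, Chapter meeting a SUCCESS!''' is added twice in a row, and "Atlanta OWASP December 06 Social" and "Atlanta OWASP April Meeting" each appear once in bold and once as plain text. The same block carries typos worth fixing in the same pass ("Apil", "there presentations", "managment", "Willam"). The April Meeting entry also publishes a personal Hotmail address in plain text as the RSVP contact, whereas the other entries use the chapter list address owasp-atlanta@lists.sourceforge.net; consider using the list address there too. The first changed line (the MapQuest link) differs from the old revision only by trailing whitespace.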

Latest revision as of 17:53, 11 November 2008

Atlanta OWASP May 2007 Meeting

Topic: PCI Compliance

When: Monday June 18th 6:30pm - 8:30pm

Meeting Location: SPI Dynamics Headquarters, 115 Perimeter Center Place NE, South Terraces, Atlanta, GA 30346

The room, called “Classroom”, is on the 1st floor of the South Terraces building.

See below for more on directions.


This meeting is open to the public and admission is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc.)

Please RSVP for this event. Send email to: owasp-atlanta@lists.sourceforge.net

Also, register for the OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/



Topic: Payment Card Industry Data Security Standard

Presentations:

PCI Requirements - Conrad Clark, CISSP

Conrad Clark is a Security Engineer for S.P.I. Dynamics, Inc. (www.spidynamics.com), the leading provider of web application security testing software and services. Conrad is a Certified Information Systems Security Professional (CISSP #73743) and has over 15 years of information system engineering and management experience, in addition to three years of technology consulting service with Deloitte Consulting. Prior to joining SPI Dynamics, Conrad worked as a Senior Network Security Engineer supporting a web-based payment portal system for Verifone Inc. Prior to that, he was the Manager of the Security Operations Center for Interland Inc. Conrad is an expert in building, deploying, and maintaining secured web-based financial transaction systems. In addition, he has expertise in the scoping, design, planning and implementation of enterprise-level systems and applications, and of standard operating, business continuity, and disaster recovery plans.


PCI Requirement 10: Logging and Monitoring - Charles Burke, CISSP

Charles is the Atlanta OWASP Chair and a Security Consultant with InfoSec Integrators, a provider of security technology integration services.



Location and Directions: SPI Dynamics Headquarters, 115 Perimeter Center Place NE, South Terraces, Atlanta, GA 30346

The room, called “Classroom”, is on the 1st floor of the South Terraces building. There is a parking garage associated with the building, and parking is free. However, the gates close at 7pm except for the one on the 3rd level, so that is the one to use for exiting the garage after the meeting.


Here is a MapQuest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address