Difference between revisions of "Atlanta OWASP May 2007 Meeting"

From OWASP
Jump to: navigation, search
(Atlanta OWASP May 2007 Meeting')
 
 
Line 61: Line 61:
 
    
 
    
 
   
 
   
Here is map quest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address  
+
Here is map quest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address
 
 
 
 
 
 
 
 
 
 
 
'''Atlanta OWASP December 06 Social'''
 
 
 
Atlanta OWASP December 06 Social
 
Five Seasons Brewing
 
 
 
 
 
'''Atlanta OWASP April Meeting'''
 
 
 
Atlanta OWASP April Meeting
 
Presents
 
Secure Code Reviews
 
Wednesday April 26th 6:30pm - 8:30pm
 
Suntrust
 
250 Piedmont Ave
 
Atlanta, GA 30338
 
 
 
Directions: Look for information on directions later.
 
 
This meeting is open to public and admission is free. Parking in the vicinity is $3 to $4.
 
 
 
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and       
 
contributions to web application security.
 
 
 
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
 
 
 
Please RSVP for this event. Send email to cburkeinga@hotmail.com and sign up for the mailing list above.
 
 
 
Keynote Speaker
 
 
 
Dean H. Saxe, CEH
 
Senior Consultant
 
Foundstone Professional Services
 
A Division of McAfee
 
Strategic Security
 
Foundstone Role
 
 
 
Dean is a Senior Consultant at Foundstone. He is responsible for conducting web application penetration testing, threat modeling,
 
code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Additionally, Dean 
 
provides client education services as a lead instructor of the Building Secure Software, Writing Secure Code: Java/J2EE, and Writing
 
Secure Code: ColdFusion courses.
 
 
 
Experience
 
Dean has nine years of software development experience in a variety of industries, including banking, education and QC. Since 2001,
 
he has focused on secure software development and web application security. Prior to working at Foundstone, Dean held the position
 
of Manager of web Application Security for a corporate cash-management ASP.
 
 
 
Dean co-founded and remains active in the Atlanta ColdFusion User Group (ACFUG) and is an active member of the Open Web Application 
 
Security Project (OWASP) Atlanta Chapter.
 
 
 
 
 
'''Chapter Meeting March 29th 2006'''
 
 
 
Atlanta OWASP March Meeting Presents Computer Forensics Introduction ASP.Net Security Topics
 
 
 
Wednesday March 29th 6:30pm - 8:30pm
 
Digital Insight Corporation
 
Sales Headquarters
 
5720 Peachtree Pkwy.
 
Norcross, GA 30092
 
 
 
This meeting is open to public and admission/parking is free.
 
 
 
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
 
contributions to web application security.
 
 
 
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
 
 
 
You must RSVP to attend this event. Send email to: [mailto:owasp-atlanta@lists.sourceforge.net owasp-atlanta@lists.sourceforge.net]
 
Also, Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
 
 
 
Keynote Speakers
 
 
David Bendon, CFCE, CISSP, EnCE
 
 
 
David is on the computer forensics team of a Fortune 25 company. Prior to joining the private sector David was the Chief Forensics 
 
Computer Specialist for the Georgia Bureau of Investigation (GBI), and a supervisor with their Internet Crimes Against Children 
 
Taskforce. While at the GBI, he worked on such high profile cases as the Hope Scholarship case, the Derwin Brown homicide case and
 
the hacking cases of a major university. The has also testified as an expert witness in numerous jurisdictions throughout Georgia. 
 
David is the founder and primary admin of the largest vendor neutral computer forensics portal called http://www.forensicsexams.org.
 
He is cofounder and VP of the Cybercrime Summit Group, a non-profit organization that runs the Cybercrime Summit (an international 
 
computer forensics/security conference held annually in Atlanta, GA. David is also certified as a CFCE, CISSP and EnCE.
 
 
 
Mohamoud Ibrahim, Senior Developer, The Home Depot
 
 
 
Mohamoud is a Senior Developer for The Home Depot with 12+ years of software development experience. He has experience developing
 
enterprise applications & web services in many development environments and languages including Java and ASP.NET. Mohamoud will
 
discuss developing secure web services in ASP.NET.
 
 
 
Charles Burke, SCJP, CISSP Senior Consultant InfoSec Integrators
 
 
 
Charles is the Atlanta OWASP Chair. He will discuss new security features in ASP.Net 2.0.
 
 
 
 
 
'''October 26th Meeting'''
 
 
 
Atlanta OWASP October Meeting Presents Web Application Assessments
 
 
 
Wednesday October 26th 7:00pm - 8:30pm
 
Vigilar, Inc. - Atlanta, Georgia
 
900 Ashwood Parkway
 
Suite 290
 
Atlanta, GA 30338
 
 
 
Directions http://www.vigilar.com/directions.html
 
This meeting is open to public and admission/parking is free.
 
 
 
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
 
contributions to web application security.
 
 
 
Who Should Attend - anyone interested in Web Application Security (managment, security architects, developers, etc)
 
 
 
Please RSVP for this event. Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
 
 
 
Keynote Speaker Eric Ahlm
 
 
 
Director of Emerging Technologies
 
 
 
Certifications
 
 
 
CISSP Certified Information Systems Security Professional
 
 
 
PMI Project Management Institute
 
 
 
SCSP Symantec Certified Security Professional
 
 
Experience
 
Eric Ahlm brings to the company ten years of experience in information technology, five of which were dedicated to information 
 
security. As Vigilar’s Director of Security Architecture, Ahlm’s primary role is to evaluate new security technologies and consult
 
with clients who are looking to solve security challenges. He also runs Vigilar’s evaluation labs and works with hundreds of
 
security products to find the best solutions for Vigilar’s clients’ security challenges.
 
 
 
Prior to Vigilar, Ahlm worked for various security consulting firms and was a Regional Manager for Symantec Worldwide, an
 
information security firm that provides a broad range of software, appliances and services to help companies secure and manage their 
 
IT infrastructures. While at Symantec Worldwide, he was responsible for managing the company’s enterprise security line.
 
 
 
In addition, Ahlm has written numerous whitepapers published on security topics, participated as keynote speaker at various security 
 
conferences, and consulted with top companies in the United States. His areas of interest and study is in hacking techniques,
 
penetration testing, and working with security professionals to discover new exploits and proof of concept tools to help clients
 
tighten their security.
 
 
 
Ahlm holds a B.S.E.E.T. (Bachelor of Science Electrical Engineering Technologist) from Devry University.
 
 
 
'''October 26th Meeting'''
 
'''April 27th, Chapter meeting a SUCCESS!'''
 
 
 
'''April 27th, Chapter meeting a SUCCESS!'''
 
 
 
Atlanta OWASP Apil Meeting/Social was a success.
 
Thanks to Chip and William for there presentations and also to Thoughtmill for sponsorship.
 
 
 
April 27th Join Us for Pizza and Security Discussions
 
Security risk faced at each application Layer - Willam Vestal of Thoughtmill
 
SQL Security discussion - Chip Andrews of SQL Security
 
Wednesday April 27th 7:00pm - 8:00pm
 
PLEASE RSVP to owasp-atlanta@lists.sourceforge.net
 
Meeting host:
 
Thoughtmill
 
3155 Royal Dr.
 
Alpharetta, GA 30022
 
 
 
From 285/400: go 11.2 miles North / Exit Right onto HAYNES BRIDGE RD - go 0.6 miles / Left on NORTH POINT PKWY - go 1.5 miles / Right
 
on ROYAL DR - go 0.6 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick bldg on the right)
 
 
 
[http://maps.yahoo.com/dd_result?newaddr=I+285+At+State+Hwy+400&taddr=3155+Royal+Drive&csz=atlanta%2C+ga&country=us&tcsz=Alpharetta%2C+GA+30022&tcountry=us&tname=ThoughtMill Map]
 
 
 
From 400 north of Old Milton: GA-400 SOUTH / Take exit #10 OLD MILTON PKWY / Left on OLD MILTON PKY - go 0.7 miles / Right on NORTH 
 
POINT PKY - go 0.7 miles / Left on ROYAL DR - go < 0.1 miles / Arrive at 3155 ROYAL DR, ALPHARETTA, on the Right (1st 1 story Brick
 
bldg on the right)
 
 
 
[http://maps.yahoo.com/dd_result?newaddr=&taddr=3155+Royal+Drive&csz=cumming%2C+ga&country=us&tcsz=Alpharetta%2C+GA+30022&tcountry=us&tname=ThoughtMill Map]
 
 
 
'''March 30th, 2005 - Next Meeting'''
 
 
 
Atlanta OWASP March Meeting Presents Advanced Live Hacking:
 
Methodologies and Demonstrations of Web Application Hacks
 
Wednesday March 30th 7:00pm - 8:00pm
 
Home Depot Store Support Center
 
2455 Paces Ferry Road
 
Atlanta GA
 
 
 
This meeting is open to public and admission/parking is free.
 
 
 
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and
 
contributions to web application security.
 
 
 
Who Should Attend - anyone interested in Web Application Security (managment, security architects, developers, etc)
 
 
 
You must RSVP to attend this event. Register to OWASP Atlanta mailing list at:
 
http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
 
 
 
Keynote Speaker Caleb Sima
 
Co-founder, Chief Technology Officer, Director of SPI Labs
 
S.P.I. Dynamics Incorporated
 
 
 
Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in web application security assessment and
 
testing. Caleb is responsible for directing the lifecycle of the company’s web application security solutions and is the director
 
of SPI Labs, the renowned application security research and development group within SPI Dynamics. Here, he leads a team of
 
accomplished security experts who have received worldwide recognition for the identification of security vulnerabilities and
 
exploits.
 
 
 
Caleb has been engaged in the Internet security arena since 1996, a time when the concept of Internet security was just emerging.
 
Since then, he has become widely recognized within the industry as an expert in penetration (pen) testing (testing a company’s
 
network security for critical flaws), and for identifying emerging security threats. In early 2000 Caleb co-founded SPI Dynamics
 
and helped define the direction the industry has taken. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security
 
Systems, Inc. (ISS), an industry pioneer and global leader in Internet security. Caleb was a member of ISS’ elite X-Force research
 
and development team, led the creation of the first pen testing team and drove enterprise security assessments for the company.
 
Caleb began his security career as a security engineer for S1 Corporation. In this role, he was responsible for testing the security
 
of software products for the banking and finance industries. Additionally, he was in charge of security for S1’s Datacenter, which
 
managed the data transfer and security of some of the world’s leading financial institutions.
 
 
 
Caleb’s engineering exploits have gained media attention in publications such as the New York Times and the Washington Post. He has
 
also contributed to Baseline Magazine and was featured, along with the ISS X-Force, in US News and World Report and Security World
 
Magazine. A frequent speaker at industry events and tradeshows, Caleb’s most recent appearances include RSA 2004, the 2003 SouthEast
 
CyberCrime Summit, Comdex 2003, Information Systems Security Association (ISSA), and the 2002 Cyber Security in the Financial
 
Services Sector Executive Summit. Caleb is also a member of ISSA and is one of the founding visionaries of the Application 
 
Vulnerability Description Language (AVDL) standard within OASIS.
 
 
 
The SSC is located at:
 
2455 Paces Ferry Road
 
Atlanta, GA 30339
 
Going West on 285, Paces Ferry is about 2-4 miles west of 75
 
 
 
 
 
'''February Meeting'''
 
 
 
Our February Meeting was the first official Atlanta OWASP event.
 
It was a Huge success!
 
Click the links below to see the slides for each presentation:
 
 
[http://www.owasp.org/docroot/owasp/misc/AtlOWASP2005-Charles_Burke_WebSvcSecurity.ppt Web Services Security Intro - Charles Burke]
 
 
 
 
 
'''June Meeting - 6/29 @ 7PM'''
 
 
 
Atlanta OWASP June Meeting
 
 
 
Advanced SQL Injection
 
Exploiting SQL injection on MySQL, generic UNION exploit
 
and using SQL Injection to gain complete access to a server.
 
 
 
Wednesday June 29th 7:00pm - 8:00pm
 
 
 
SPI Dynamics Headquarters
 
115 Perimeter Center Place, N.E.
 
Suite 1100
 
Atlanta, GA 30346
 
 
 
OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and 
 
contributions to web application security.
 
 
 
Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)
 
This meeting is open to public and admission/parking is free.
 
Directions: http://www.spidynamics.com/aboutspi/contact/directions.html
 
 
 
You must RSVP to attend this event.
 
 
 
Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/
 
 
 
Keynote Speaker: Shiroy Choksey
 
Intern, SPI Labs
 
S.P.I. Dynamics Incorporated
 
 
 
Shiroy Choksey is an intern for SPI Dynamics, the expert in Web application security assessment
 
and testing. His internship with the company is currently with SPI Labs, the renowned
 
application security research and development group within SPI Dynamics. Here he assists a
 
team of accomplished security experts in their research who have received worldwide
 
recognition for the identification of security vulnerabilities and exploits.
 
Prior to joining the SPI Labs team as an intern, Shiroy completed his Bachelor of Engineering in
 
Information Technology with highest honors, from Pune University, India. He is pursuing a
 
Masters in Information Security from the Georgia Institute of Technology’s Information Security
 
Center (GTISC). At GTISC, he extensively researches SQL Injection techniques and built his
 
own SQL Injection tool with support for generic database exploitation and IDS evasion.
 
Shiroy is a recipient of several prestigious awards including the American Alumni Student
 
Award, a distinguished award presented to ten Indian students, the J. N. Tata Scholar Award for
 
exemplary academic achievement awarded to selected Indian students, and the Nirenski Study
 
Award that is awarded for consistent outstanding academic performance in school. In addition,
 
Shiroy is a talented musician, playing the piano and the guitar, and has received numerous
 
awards for best speaker at debate competitions throughout his academic career.
 

Latest revision as of 16:53, 11 November 2008

Atlanta OWASP May 2007 Meeting

Topic: PCI Compliance When: Monday June 18th 6:30pm - 8:30pm Meeting Location SPI Dynamics Headquarters 115 Perimeter Center Place NE South Terraces Atlanta, GA 30346

Room is on the 1st Floor of the South Terraces building. Called “Classroom”

See below for more on directions.


This meeting is open to public and admission is free.

OWASP Atlanta - our mission as a local chapter of the Open Web Application Security Project is to help promote awareness and contributions to web application security.

Who Should Attend - anyone interested in Web Application Security (management, security architects, developers, etc)

Please RSVP for this event.

RSVP for this event. Send email to: owasp-atlanta@lists.sourceforge.net Also, Register to OWASP Atlanta mailing list at: http://lists.sourceforge.net/lists/listinfo/owasp-atlanta/



Topic: Payment Card Industry Data Security Standard

Presentations:

PCI Requirements Conrad Clark CISSP

Conrad Clark is a Security Engineer for S.P.I. Dynamics, Inc. (www.spidynamics.com), the leading provider of web application security testing software and services. Conrad is a Certified Information System Security Professional (CISSP #73743), and has over 15 years of information system engineering and management experience in addition to three years of technology consulting service with Deloitte Consulting. Prior to joining SPI Dynamics, Conrad worked as a Senior Network Security Engineer supporting a web-based payment portal system for Verifone Inc. Prior to that he was the Manager of the Security Operations Center for Interland Inc. Conrad is an expert in building, deploying, and maintaining secured web-based financial transaction systems. In addition, he has an expertise in scope, designing, planning and implementation of enterprise level systems and applications, and standard operating, business continuity, and disaster recover plans


PCI Requirement 10 Logging and Monitoring Charles Burke CISSP

Charles is the Atlanta OWASP Chair and a Security Consultant with InfoSec Integrators, a provider of security technology integration services.



Location and Directions: SPI Dynamics Headquarters 115 Perimeter Center Place NE South Terraces Atlanta, GA 30346

Room is on the 1st Floor of the South Terraces building. Called “Classroom” There is a parking garage associated with building, parking is free. However, the gates close at 7pm except for the one on the 3rd level – so that is the one to use for exiting the garage after the meeting.


Here is map quest link to our building: http://www.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtype=address&cat=&address=115%20Perimeter%20Center%20Pl%20Ne&city=Atlanta&state=GA&zipcode=30346%2d1256&search=%20%20Search%20%20&searchtab=address