Difference between revisions of "Bay Area"

From OWASP
m (Donate Funds to Bay Area Chapter)
(46 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}  
 
{{Chapter Template|chaptername=Bay Area|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-bayarea|emailarchives=http://lists.owasp.org/pipermail/owasp-bayarea}}  
  
==== Local Jim Manico News  ====
 
  
<paypal>Bay Area</paypal>
+
== Chapter Meetings ==
  
==== Chapter Meetings  ====
+
=== January, 2013 ===
 +
'''Host''': Mozilla
  
== Date and Location  ==
+
'''When''': Tuesday, January 8, 2013 from 5:30 PM to 8:30 PM (PST)
  
OWASP Bay Area will host its next Application Security Summit at the SAP Offices in Palo Alto on July 1st, 2010. As usual attendance is free and food and beverages will be provided. This is an excellent event with great speakers and a great opportunity to network with industry peers. The event is open to the public; please forward this invite to your colleagues and friends who are interested in computer and application security.  
+
'''RSVP Required''': http://owaspbayareajan13.eventbrite.com/
  
We have an excellent line-up of speakers.  
+
Steaming live over [https://air.mozilla.org/owasp-community-event/ air.mozilla.org]
  
Please note that due to security issues, your must pre-register. Badges will be ready for the registered attendees at the lobby where you will check in.  
+
Remote & have questions? Join on [https://wiki.mozilla.org/IRC#Connect_to_the_Mozilla_IRC_server Mozilla IRC] and we'll ask them. Room #airmozilla
  
WHAT: OWASP Bay Area Chapter - Application Security Summit
+
Details:
  
WHEN: Thursday, July 1st, 2010 - From 9 A.M. to 3.00 P.M.  
+
Join us for an evening about secure development practices for two of the most popular mobile platforms: iOS and Android. The content will be technical and there will be code.
  
WHERE: SAP Offices, Palo Alto - See below for directions
+
Agenda:
  
<br>
+
5:30 - Social Half-Hour
  
Venue and Directions:  
+
6:00 - Welcome & Overview of OWASP Mobile Projects
  
3410 Hillview Ave, Palo Alto, Building 1 Executive Briefing Center (2nd Floor)
+
6:15 - Securing Android Applications, Jesse Burns
  
Directions on SAP Labs Web Site. Also on the Event Registration Page.
+
7:10 - Break
  
Parking - You can park in the visitor parking or any of the open spaces at any level of the parking lot.
+
7:20 - Securing iOS Applications, Blake Turrentine
  
<br>
+
8:30 - Adjourn
  
REGISTER EARLY AS SEATING IS LIMITED
+
Note: The facility's space is limited, and we do expect to "sell out". By reserving a ticket, you agree to either attend or let the organizers know that you will not be attending when/if your plans change so we can release your ticket to someone on the waiting list. We have good content that our speakers worked hard to put together and they deserve a full audience.
  
Please RSVP by registering at http://owaspbajuly2010.eventbrite.com/ <br>
+
== Bay Area Past Events ==
  
== Agenda  ==
+
[https://www.owasp.org/index.php/Bay_Area_Past_Events Bay Area Past Events]
  
{| cellspacing="1" cellpadding="1" border="1" style="width: 1021px; height: 373px;"
 
|+ Agenda
 
|-
 
| 8:45 AM - 9:00 AM<br>
 
| Check-in, registration, breakfast, networking<br>
 
|-
 
| 9:00 AM - 9:15 AM<br>
 
| Welcome Remarks and Overview of OWASP Bay Area - Mandeep Khera, Bay Area Chapter Leader <br>
 
|-
 
| 9:15 AM - 10:00 AM<br>
 
| Drive By Downloads- How to Avoid Getting A Cap Popped in your App - Neil Daswani, Co-founder, Dasient<br>
 
|-
 
| 10:00 AM - 10:45 AM<br>
 
| Building Secure Web Applications In a Cloud Services Environment - Misha Logvinov, VP of Online Operations, IronKey‎<br>
 
|-
 
| 10:45 AM - 11:15 AM<br>
 
| Networking Break, refreshments<br>
 
|-
 
| 11:15 AM - Noon<br>
 
| Cloudy with a Chance of Hack - Lars Ewe, CTO and VP of Engineering, Cenzic‎<br>
 
|-
 
| Noon - 1:30 <br>
 
| Networking Lunch <br>
 
|-
 
| 1:30 PM - 2:15 PM<br>
 
| Application Security Deployment Tradeoffs - Anoop Reddy, Senior Manager, Products, Citrix<br>
 
|-
 
| 2:15 PM - 3:00 PM<br>
 
| MashUp SSL - Extending SSL for Security Mashups - Siddharth Bajaj, Principal Engineer, Verisign <br>
 
|-
 
| <br>
 
| <br>
 
|}
 
  
<br>
+
== Bay Area Chapter Leaders ==
  
Detailed Abstracts and Speaker Bios
+
*[mailto:teresa-ann-stevens@comcast.net Teresa Stevens]
 +
*[mailto:cory@crazypenguin.com Cory Scott]
  
'''Drive By Downloads: How To Avoid Getting A Cap Popped In Your App:&nbsp;'''Which browser do you claim? What color is your screen-saver? It is a world wide hood out there, don’t let yourself become the next victim of a drive by… a drive by download. Email attachments have become synonymous with computer viruses and consumers have become accustom to questioning the legitimacy of email touting male enhancement drugs and lottery winnings. This means hackers are having to come up with new ways to distribute malware. Today, just by loading an infected webpage of from a legitimate website, a virus can be downloaded without any other interaction and will often go undetected. Once the virus is on a PC, hackers can access the computer remotely and steal sensitive information like banking passwords, send out spam or install more malicious executables.
 
  
In this talk, we describe in technical detail the "anatomy of a modern web-based malware attack." Web-based malware attacks have evolved significantly over the past 4 years. We present the state-of-the-art in web-based malware attacks and describe how the techniques used have evolved over time. '''<br>Bio - '''Neil Daswani is a co-founder of Dasient, Inc., a security company backed by some of the most influential investors in Silicon Valley and New York. In the past, Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil co-founded the Stanford Center Professional Development (SCPD) Security Certification Program (http://proed.stanford.edu/?security). He has published extensively, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University. Neil is also the lead author of "Foundations of Security: What Every Programmer Needs To Know" (published by Apress; ISBN 1590597842; http://tinyurl.com/33xs6g. More information about Neil is available at http://www.neildaswani.com.
 
 
<br> '''Building Secure Web Applications: ''' This presentation will go over core principles involved in launching secure web applications and effectively managing security in a cloud services environment. We will discuss best practices for implementing security programs, review examples of things done right and wrong, and address specific steps required for creating and maintaining a sustainable security framework for your web applications. <br>'''Bio '''- Misha Logvinov is the Vice President of Online Operations at IronKey. In this position, Mr. Logvinov and his team are responsible for designing, implementing and supporting a highly-scalable mission critical infrastructure for IronKey's next-generation security products and services. Mr. Logvinov brings to IronKey over a decade of management experience in information technology, operations and security. Throughout his career, he has been responsible for implementing hundreds of customer solutions, supporting millions of online users, managing complex backoffice applications and building some of the world's most secure online service environments. Prior to IronKey, Mr. Logvinov spent six years at Yodlee, one of the leading online financial service providers. He held various management roles during his tenure, most recently, as Director of Operations Delivery. Mr. Logvinov's earlier experiences included IT management at Outcome, Inc. and INTERSHOP Communications. Mr. Logvinov holds a BA in Business Administration from Plekhanov Russian Academy of Economics. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).
 
 
'''Cloudy with a chance of a hack: '''Cloud computing is a cost effective and efficient way for enterprises to automate their processes. However organizations need to be aware of the pitfalls of the many cloud computing solutions out there - one of the main ones being security. Most of these solutions were built for ease of use and without necessarily security in mind. Companies should ask the solution provider the security measures used in developing the application and get an independent verification to make sure there are no gaping holes. With over 75% of attacks occurring through the Web, any attack through these applications can lead to leakage of confidential information and embarrassment. <br>'''Bio '''– Lars Ewe''': '''Chief Technology Officer and VP of Engineering for Cenzic. Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering and product management in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.
 
 
'''Application Security Deployment Tradeoffs:''' Application security tradeoffs and choices are made at various stages of application design, development and deployment. This talk will cover deployment aspects of application security. Based on experience in designing, developing and deploying application security solutions and products for the past 10 years, I will do a case study based analysis of security costs and tradeoffs. Specifically, we will correlate security choices during deployment with our observations regarding the relatively higher adoption of security features and products that have an incremental deployment plan over those that are more intrusive and/or are operationally more expensive. <br>'''Bio '''– Anoop Reddy Anoop Reddy has been working in Security and Application Firewalls for the past 8 years and has led many innovations as part of Teros and Citrix. He was the Architect and Technical Lead at Teros and now manages the Engineering Development for the Application Firewall product lines at Citrix.
 
 
<br> '''MashSSL - '''Extending SSL for securing mashups: In this presentation we will describe MashSSL and how it can be used to solve a fundamental Internet security problem - when two web applications communicate through a potentially un-trusted user they do not have any standard way of mutually authenticating each other and establishing a trusted channel. MashSSL is a new multi-party protocol that has been expressly designed to inherit the security properties of SSL, and to be able to leverage its trust infrastructure. We will also discuss how this can be used to secure a variety of multi-party environments including mashups using Cross-domain XHR, OpenAJAX, as well as scenarios such as OpenID and OAuth. <br>'''Bio '''– Siddharth Bajaj is researching new technologies in the areas of Internet Trust, Identity and Authentication including how these can be applied to solve problems in verticals such as healthcare, online content and cloud computing. Siddharth has been with VeriSign since 1999 and has fulfilled variety of technical leadership roles. He was involved in the development of the VeriSign PKI services platform as well as the early conceptualization and architecture of more recent VeriSign products such as UA and VIP.
 
 
<br>
 
 
<br>
 
 
== RSVP  ==
 
 
Please RSVP by registering at http://owaspbajuly2010.eventbrite.com/
 
 
= Bay Area Past Events  =
 
 
[[Bay Area Past Events]]
 
 
==== Bay Area OWASP Chapter Leaders  ====
 
 
*[mailto:brian@appsecconsulting.com Brian Bertacini]
 
*[http://garrettgee.com Garrett Gee]
 
*[mailto:mandeep@cenzic.com Mandeep Khera]
 
*[mailto:robipapp@yahoo.com Robi Papp]
 
 
__NOTOC__ <headertabs />
 
  
 
[[Category:California]]
 
[[Category:California]]
 +
[[Category:OWASP Chapter]]
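
Review bot: The added line "Steaming live over [https://air.mozilla.org/owasp-community-event/ air.mozilla.org]" has a typo and should read "Streaming live over ...". The new "Bay Area Chapter Leaders" list also publishes personal addresses as plain mailto: links, which are easy to harvest; consider pointing contact at the chapter mailing list already referenced in the Chapter Template instead.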

Revision as of 13:10, 12 February 2013


OWASP Bay Area

Welcome to the Bay Area chapter homepage.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Chapter Meetings

January, 2013

Host: Mozilla

When: Tuesday, January 8, 2013 from 5:30 PM to 8:30 PM (PST)

RSVP Required: http://owaspbayareajan13.eventbrite.com/

Streaming live over air.mozilla.org

Remote & have questions? Join on Mozilla IRC and we'll ask them. Room #airmozilla

Details:

Join us for an evening about secure development practices for two of the most popular mobile platforms: iOS and Android. The content will be technical and there will be code.

Agenda:

5:30 - Social Half-Hour

6:00 - Welcome & Overview of OWASP Mobile Projects

6:15 - Securing Android Applications, Jesse Burns

7:10 - Break

7:20 - Securing iOS Applications, Blake Turrentine

8:30 - Adjourn

Note: The facility's space is limited, and we do expect to "sell out". By reserving a ticket, you agree to either attend or let the organizers know that you will not be attending when/if your plans change so we can release your ticket to someone on the waiting list. We have good content that our speakers worked hard to put together and they deserve a full audience.

Bay Area Past Events

Bay Area Past Events


Bay Area Chapter Leaders