Difference between revisions of "Chicago"

From OWASP
m (Updated)
 
(78 intermediate revisions by 12 users not shown)
Line 1: Line 1:
=== It's been a long time coming and here it is! ===
+
For more information on OWASP Chicago meetings, please visit http://www.meetup.com/OWASP-Chicago-Chapter/ for more information.
== Next Chapter Meeting: June 2nd, 2011 ==
 
  
The next Chicago chapter meeting will be June 2nd starting at 6:00pm and running until about 8:30. Space for the meeting is being graciously provided by Morningstar at their [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=22+West+Washington+Street+Chicago,+IL+60602&aq=&sll=37.0625,-95.677068&sspn=30.599615,68.554688&ie=UTF8&hq=&hnear=22+W+Washington+St,+Chicago,+Illinois+60602&z=16 downtown Chicago headquarters location] (22 West Washington Street Chicago, IL 60602)
+
We have a very active 2016 summer planned!  June & August Chapter meetings and a Hackathon in the works for July.   Stay tuned and be sure to spread the word!
  
Please RSVP (to mike.tracy@gmail.com) no later than 4:00pm June 1st to make sure we can get you in the building.
+
If you're interested in speaking, sponsoring or hosting an event, [mailto:info@owasp-chicago.org please contact us].
  
==Agenda==
+
= General Information =
  
* 6:00-6:30 punch and pie
+
Anyone in our area interested in application security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
* 6:30-8:30 another round of lightning talks
 
  
We has so much fun doing the first round of lightning talks that we're going to give it another go.
+
Make sure you sign up for the mailing list to receive meeting announcements. Our mailing list is at: https://lists.owasp.org/mailman/listinfo/owasp-chicago
  
Have a subject you can talk about in 10-20 minutes?  Have a subject you'd like to see talked about in the same span?  OWASP Chicago chapter is hosting an evening of lightning talks on the subjects you want to hear.
+
Follow (and/or DM us) on Twitter: [https://twitter.com/owaspchicago @owaspchicago]<br>
 +
LinkedIn: https://www.linkedin.com/groups/4049846
  
Tentatively scheduled:
+
Chat with us on SLACK.  https://owasp.slack.com/
  
* Tom Brennan    "OWASP where we are... where we are going"
+
If you have any questions about the Chicago chapter, please send an email to [mailto:michael.allen@owasp.org Michael Allen] or [mailto:joe.blanchard@owasp.org Joe Blanchard]
* Daniel Crowley  "Jack of all Formats"
 
* William Cummins "Donald Rumsfeld is my Co-Pilot: a cautionary tale"
 
* Kuai Hinojosa  TBD
 
* Jacob Kitchel  TBD
 
* Rafal Los      "This is a Talk I Pulled from My Magic Hat"
 
* Peter Morgan    TBD
 
* Greg Ose        TBD
 
* YOU!
 
  
  
Submit talks or ideas for talks to mike.tracy@gmail.com and we'll get things rolling.
+
Interesting in being a sponsor or presenting at an event?  Contact us at info@owasp-chicago.org
  
Also, follow (and/or DM us) on twitter @owaspchicago
+
= Presentation History =
  
We'll firm up the evening's agenda as we get submissions.
+
== Past Talks ==
 +
Codeburner - SCA. Video (https://vimeo.com/163686756)
  
== General Information ==
+
Harnessing the Security Champion Model.  '''By Joe Blanchard''' - Video (https://vimeo.com/163686635)
  
Anyone in our area interested in information security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.
+
Application Security Automation and Governance''' by Michael Allen'''
  
Make sure you sign up for the mailing list to receive meeting announcements.
+
'Android Application Security: Common Pitfalls and How To Avoid Them''' by Drew Suarez'''
  
We have a mailing list at: https://lists.owasp.org/mailman/listinfo/owasp-chicago
+
Introducing [https://github.com/dmayer/idb idb]: Simplified Blackbox iOS App Pentesting by Daniel Mayer
  
If you have any questions about the Chicago chapter, please send an email to our chapter leaders [mailto:mtracy@matasano.com Mike Tracy] or [mailto:jason@wittys.com Jason Witty.]
+
Tips for Building a Successful Application Security Program by Clint Pollock
  
 +
You Will Perish In Flames: Simple Rules For Safely Handling Crypto by Thomas Ptacek
  
 +
A9: Discovering Vulnerable Components with [https://www.owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency-Check] by Steve Springett
  
==Presentation abstracts==
+
How to Get the Most Out of Your Security Consulting Experience by Erin Ptacek
  
== Presentation Archives ==
+
Repsheet: A Behavior Based Approach to Web Application Security by Aaron Bedra
 +
 
 +
Forget About BYOD: Develop a Realistic Mobile Security Policy by Tom Bain
 +
 
 +
Android Internals: From Forensics to Vulnerabilities by Drew Suarez
 +
 
 +
An Application Pen Tester’s Intro to Android Internals by Tom Palarz
  
 
Bad Cocktail: Spear Phishing - Mike Zusman - Presentation slides [https://www.owasp.org/images/6/60/Zusman_Chicago_2008.pdf here]
 
Bad Cocktail: Spear Phishing - Mike Zusman - Presentation slides [https://www.owasp.org/images/6/60/Zusman_Chicago_2008.pdf here]
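
Review bot: the added Past Talks entries have unbalanced bold markup. "'Android Application Security: Common Pitfalls and How To Avoid Them''' by Drew Suarez'''" opens with a single apostrophe, and "Application Security Automation and Governance''' by Michael Allen'''" has no matching opener before the title. Suggest one consistent form for every entry, for example the "'''By Joe Blanchard'''" style used two lines earlier. In the same hunk, "Interesting in being a sponsor" should read "Interested in", that line repeats the sponsor/speaker invitation already added near the top, and the first added line says "for more information" twice.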
Line 58: Line 58:
 
Automated Thrash Testing - Andre Gironda - Presentation slides [http://www.owasp.org/images/3/32/Auto-thrash-testing.pdf here]<BR>
 
Automated Thrash Testing - Andre Gironda - Presentation slides [http://www.owasp.org/images/3/32/Auto-thrash-testing.pdf here]<BR>
  
Defeating Information Leak Prevention - Eric Monti - Presentation slides [https://www.owasp.org/images/4/4a/OWASP-CHI07-Defeating_Extrusion_Detection.pdf here]<BR>
+
Defeating Information Leak Prevention - Eric Monti - Presentation slides [https://www.owasp.org/images/4/4a/OWASP-CHI07-Defeating_Extrusion_Detection.pdf here]
 
 
 
 
'''[http://wittys.com/owasp/OWASP_Chicago_Thomas_Ptacek.pdf]Webapps In Name Only'''
 
Thomas Ptacek, Matasano Security
 
 
 
Where modern network architecture meets legacy application design, we get "The Port 80 Problem": vendors wrapping every conceivable network protocol in a series of POSTs and calling them "safe". These "Webapps In Name Only" are a nightmare for application security specialists.
 
  
In this talk, we'll discuss, with case studies, how tools from protocol reverse engineering can be brought to bear on web application security, covering the following areas:
 
  
- Locating and Decompiling Java and .NET Code
+
[http://wittys.com/owasp/OWASP_Chicago_Thomas_Ptacek.pdf]Webapps In Name Only Thomas Ptacek, Matasano Security
- Structure and Interpretation of Binary Protocols in HTTP
 
- Protocol Debugging Tools
 
- Web App Crypto Tricks
 
  
'''[http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]Token-less strong authentication for web applications: A Security Review'''
+
[http://wittys.com/owasp/cscott-Stronger%20Web%20Authentication-v1.0.ppt]Token-less strong authentication for web applications: A Security Review
 
Cory Scott, ABN AMRO
 
Cory Scott, ABN AMRO
  
A short presentation on the threat models and attack vectors for token-less schemes used to reduce the risk of password-only authentication, but yet do not implement "true" two-factor technologies for logistical costs or user acceptance reasons. We'll go over how device fingerprinting and IP geo-location work and discuss the pros and cons of the solutions.  
+
[https://www.owasp.org/images/8/88/Secure_Password_Storage_%40OWASPChicago.pdf]Secure Password Storage John Steven, Cigital
  
 +
[http://www.offenseindepth.com/slides/Stripe_OWASP.pdf]Stripe CTF 2.0; A Walkthrough Jeff Jarmoc, Dell SecureWorks and Zack Fasel, Dubsec Labs
  
  
<paypal>Chicago</paypal>
+
==== Chicago OWASP Chapter Leaders ====
 +
* [mailto:michael.allen@owasp.org Michael Allen] - Chapter Lead
 +
* [mailto:joe.blanchard@owasp.org Joe Blanchard] - Chapter Lead
 +
*Rob Halvert - Presenter Lead
 +
*Adam Lewis - Venue Lead
 +
*Christopher Ehinger - Sponsor Lead
 +
*Vaune Carr
 +
*John Downey
 +
*Matt Konda - Previous Chapter Lead
  
==== Chicago OWASP Chapter Leaders ====
 
[mailto:mtracy@matasano.com Mike Tracy]
 
  
[mailto:jason@wittys.com Jason Witty]
 
 
__NOTOC__
 
__NOTOC__
<headertabs/>
+
<headertabs />
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]
 +
[[Category:United States]]
 
[[Category:Illinois]]
 
[[Category:Illinois]]
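
Review bot: the added archive links, for example "[http://wittys.com/owasp/OWASP_Chicago_Thomas_Ptacek.pdf]Webapps In Name Only Thomas Ptacek, Matasano Security", leave the title outside the brackets. The link therefore has no label, and the title runs straight into the speaker name. Suggest moving the title inside the brackets after the URL and separating the speaker with " - ", as the "Presentation slides [... here]" entries above already do.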

Latest revision as of 13:58, 28 January 2018

For more information on OWASP Chicago meetings, please visit http://www.meetup.com/OWASP-Chicago-Chapter/.

We have a very active 2016 summer planned! June & August Chapter meetings and a Hackathon in the works for July. Stay tuned and be sure to spread the word!

If you're interested in speaking, sponsoring or hosting an event, please contact us.

Anyone in our area interested in application security is welcome to attend. Our meetings are informal and encourage open discussion of all aspects of application security. We invite attendees to give short presentations about specific topics.

Make sure you sign up for the mailing list to receive meeting announcements. Our mailing list is at: https://lists.owasp.org/mailman/listinfo/owasp-chicago

Follow (and/or DM us) on Twitter: @owaspchicago
LinkedIn: https://www.linkedin.com/groups/4049846

Chat with us on SLACK. https://owasp.slack.com/

If you have any questions about the Chicago chapter, please send an email to Michael Allen or Joe Blanchard


Interested in being a sponsor or presenting at an event? Contact us at info@owasp-chicago.org

Past Talks

Codeburner - SCA. Video (https://vimeo.com/163686756)

Harnessing the Security Champion Model. By Joe Blanchard - Video (https://vimeo.com/163686635)

Application Security Automation and Governance by Michael Allen

Android Application Security: Common Pitfalls and How To Avoid Them by Drew Suarez

Introducing idb: Simplified Blackbox iOS App Pentesting by Daniel Mayer

Tips for Building a Successful Application Security Program by Clint Pollock

You Will Perish In Flames: Simple Rules For Safely Handling Crypto by Thomas Ptacek

A9: Discovering Vulnerable Components with OWASP Dependency-Check by Steve Springett

How to Get the Most Out of Your Security Consulting Experience by Erin Ptacek

Repsheet: A Behavior Based Approach to Web Application Security by Aaron Bedra

Forget About BYOD: Develop a Realistic Mobile Security Policy by Tom Bain

Android Internals: From Forensics to Vulnerabilities by Drew Suarez

An Application Pen Tester’s Intro to Android Internals by Tom Palarz

Bad Cocktail: Spear Phishing - Mike Zusman - Presentation slides here

Making Money on the Web The Blackhat Way - Jeremiah Grossman - Presentation slides here

Extreme Client-Side Exploitation - Nate McFeters - Presentation slides here

Automated Thrash Testing - Andre Gironda - Presentation slides here

Defeating Information Leak Prevention - Eric Monti - Presentation slides here


[1] Webapps In Name Only - Thomas Ptacek, Matasano Security

[2] Token-less strong authentication for web applications: A Security Review - Cory Scott, ABN AMRO

[3] Secure Password Storage - John Steven, Cigital

[4] Stripe CTF 2.0; A Walkthrough - Jeff Jarmoc, Dell SecureWorks and Zack Fasel, Dubsec Labs


Chicago OWASP Chapter Leaders

  • Michael Allen - Chapter Lead
  • Joe Blanchard - Chapter Lead
  • Rob Halvert - Presenter Lead
  • Adam Lewis - Venue Lead
  • Christopher Ehinger - Sponsor Lead
  • Vaune Carr
  • John Downey
  • Matt Konda - Previous Chapter Lead