Difference between revisions of "Dallas"

From OWASP
Jump to: navigation, search
(41 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are [mailto:Ryan.Smith@OWASP.org Ryan W Smith], [mailto:andrea.wendeln@gmail.com Andrea Wendeln], [mailto:Don.McMillian@acs-inc.com Don McMillian] and Leah Teutsch (currently on leave).|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
+
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 +
 +
Chapter Lead- [mailto:mparsons@parsonsisconsulting. Matt Parsons]
 +
 
 +
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
 +
 
 +
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
 +
 
 +
Web/Technology Lead- [mailto:mynoralva@gmail.com Mynor Alvarado]
 +
 
 +
Board Member- [mailto:andrea.wendeln@gmail.com Andrea Wendeln]
 +
 
 +
Board Member- [mailto:don.mcmillian@acs-inc.com Don McMillian]
 +
 
 +
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
 +
 
 +
Board Member- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
 +
<br>
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
 +
 
 +
'''THANKS TO OUR SPONSORS:'''
 +
'''The Dallas Chapter of OWASP would like to thank Richland College for hosting our monthly meetings.'''
  
 
== Get Connected and Stay Connected  ==
 
== Get Connected and Stay Connected  ==
Line 17: Line 38:
 
|}
 
|}
  
'''[http://www.eventbrite.com/event/1287249197 Click here to RSVP for March 2nd (FREE)]'''
+
 
  
 
==== Announcements  ====
 
==== Announcements  ====
  
'''The rumors are true, Dallas OWASP is back in full swing with monthly meetings on the first Wednesday of every month'''<br>
+
== November Meeting ==
'''we're keeping it going on April 6th, 2011 with Peter Profetti of Imapct Security presenting:<br> "Checklist for Application Security, Systems, Internetworking, and Engineering".'''
+
'''When:''' Wednesday November 7, 2012 from 11:30 AM – 1:00 PM
<br>
+
<br>
+
<paypal>Dallas Chapter</paypal>
+
<br>
+
== Next Meeting on April 6, 2011  ==
+
  
===**RECENT&nbsp;UPDATES**===
 
  
* **UPDATE** -  We're currently looking for a sponsor for the lunch, if your company is interested in sponsoring, please email [mailto:Ryan.Smith@OWASP.org Ryan.Smith@OWASP.org]
+
'''Topic: ''' Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape
  
'''Make sure to sign up for any of the social media network links above to get future announcements.'''
+
With the recent announcements regarding Flame, Stuxnet and one to be named, this session will discuss some of the traits and new techniques associated with these APT’s.  This session also discuss mainstream threats and how they are adapting to new technologies.  Understanding some of the new methodologies and how they are being delivered is the first step to countering them and mitigating their risks.  This presentation will enable executives, management and leaders to better understand and communicate the risks that currently exist to our IT environments.  
<br>
+
  
=== Sponsors: ===
 
[[Image:Screen_shot_2011-02-24_at_10.47.51_AM.png|link=http://www.smu.edu]]
 
  
We would like to thanks SMU for agreeing to host us until May, 2011
+
'''Who:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
  
* '''We're currently looking for a sponsor for the lunch, if your company is interested in sponsoring, please email [mailto:Ryan.Smith@OWASP.org Ryan.Smith@OWASP.org] '''
+
John R. Hill is a Principal Security Strategist at Symantec Corporation.  His career in information security and network infrastructure spans over 19 years as an industry veteran. Mr. Hill provides strategy, direction and leadership relating to advance security concepts and new technologies for clients and partners on behalf of Symantec Corporation.
<br>
+
==Meeting Details:==
+
  
'''Title''': Checklist for Application Security, Systems, Internetworking, and Engineering
+
  
'''Speaker''': Peter Perfetti, Impact Security
+
Symantec is a global leader in proving security, storage and systems management solutions to help customers secure and manage their information against risks. Symantec's unique focus is to eliminate risk to information, technology and processes independent of the device, platform, interaction or location.
  
'''Date''': April 6, 2011
+
  
'''Time''': 11:30AM - 1:00 PM
+
Prior to Symantec, Mr. Hill was the Director of Product Strategy and Marketing for the encryption startup Mobile Armor, which was acquired by Trend Micro in February of 2010.  At Mobile Armor, he provided C-level guidance for product strategy, product development, and along with analysis of critical business and market intelligence.  His role also focused on directing national communications and marketing.
  
'''Location''': <br>Southern Methodist University <br>6425 Boaz Lane<br>Dallas TX 75205
+
  
'''Room details are TBD - Stay Tuned For Updates'''
+
Preceding Mobile Armor, Mr. Hill was a Security Evangelist and Product Line Executive for McAfee, Inc., now Intel Corporation. While there he communicated product messaging and strategy for events, CXO level clients, analysts, media and key market influencers.  Mr. Hill also advised product management teams on market trends and provided gap analysis within product lines.
  
'''Directions:'''
+
For campus direction please visit [http://smu.edu/maps/directions.asp http://smu.edu/maps/directions.asp]
+
  
'''Parking:'''
+
Previous to joining McAfee, Mr. Hill worked several years for Internet Security Systems, now IBM, communicating industry best practices and security awareness. His responsibilities included reviewing and consulting on enterprise security related issues and threats.  Along with his history in the security industry, Mr. Hill formerly worked for Enterasys Networks and Cabletron Systems. While in the networking industry, Mr. Hill helped Fortune 100 companies to architect and implement globally connected networks.
For parking, guests have few options, they can use '''Moody Parking Garage for $5''', the machine takes cash or plastic. Otherwise, they can look for free parking spots on '''University Boulevard''' or '''Mcfarlin Boulevard'''.
+
  
'''Campus Map:'''
+
   
An interactive campus map can be found at [http://smu.edu/maps/flash/ http://smu.edu/maps/flash/]
+
Printable map:  
+
  
'''Cost:''' Always Free
+
John is also a professional speaker and has presented at numerous CIO summits, leading industry conferences and events for enterprise organizations and various branches of the US Military and Government.
  
'''RSVP:''' '''[http://www.eventbrite.com/event/1287249197 Click here to RSVP for March 2nd (FREE)]''' or Email [mailto:RyanWSmith@gmail.com Ryan.Smith@OWASP.org]
+
This will help expedite the check-in process. Thanks.
+
  
'''Abstract''':
+
Mr. Hill also holds a Bachelor of Science Degree from Texas A&M University.
  
This presentation outlines the primary risk concerns for application security, audit, and compliance then expands on those topics to create a "Checklist for Application Security, Systems, Internetworking, and Engineering". The presentation begins with understanding the types of risks involved, the current pitfalls (and in some cases pratfalls) companies struggle to endure, and what we can do to fix them. The presenter outlines the basic foundation on how to build a program for success, debunking the myth that you can’t have operational stability, security, and compliance while reducing operating costs, and how using this approach helps to achieve this goal.
 
  
Applications are currently a major attack vector as well as being difficult to keep stable, secure, and compliant. But securing only the applications, or just the infrastructure can lead to compromise; and audit, compliance, and legal problems. By applying the author's philosophy and  checklists to your organization, staff from support, engineering, application development, up to CISOs can more effectively work together to improve security and meet Executive Management’s tolerance for business risk while achieving business objectives. This presentation highlights the issues, demonstrates how the entire enterprise works together, and finally outlines a basic checklist and a methodology for CISOs, Developers, Administrators, and Engineers alike to ensure business and technology risk management work in concert with all technology areas, including audit and compliance.The method draws its strengths from proven frameworks such as OWASP, SAMM, Visible Ops, FFIEC, CoBIT, and ITIL.
+
'''Where:'''
  
'''Speaker Bio''':
+
Richland College
  
Mr. Perfetti has been working in information security for fifteen years. He has been involved in IT Security for the financial services industry for ten years where he has worked as an Information Security Officer as well as having been responsible for vulnerability and threat management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager of Systems Administration and was the Director of IT Risk Management for the National Basketball Association. He has a broad range of experience in both operations and security. Mr. Perfetti provided governance and guidance over risk and compliance issues for the Americas region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities were primarily to manage the risk for infrastructure related technology and operations. Other duties included audit, business continuity, investigations, and security operations oversight. Most recently, he was head of IT Security & Governance at Tygris Commercial Finance. He was formerly the VP of the NY/NJ Metro Chapter of OWASP and is currently a board member of the local chapter. He has served on the IT Security Advisory Board for the Technology Manager’s Forum. Mr. Perfetti’s accomplishments have been discussed in two books on achieving high performing, stable, and secure infrastructure. Currently Mr. Perfetti operates IMPACT Security LLC, a private security contractor firm, that specializes in Vulnerability & Risk Assessment; developing, enhancing, and implementing Security and Risk Management programs; and  Incident & Audit Response, Prevention, and Recovery.
+
12800 Abrams Road
  
==== Presentation Archives  ====
+
Dallas, TX 75243
  
This is a new program, we will start collecting our speakers' presentation materials and make them available for viewing and download here.
 
  
==March 2, 2011==
+
Room: Sabine Hall: SH118
  
'''Title''': OWASP WTE: Application Pen Testing '''your''' way.
 
  
'''Speaker''': Matt Tesauro, [http://bit.ly/fQGqIk OWASP] Board Member, Project Lead for the [http://bit.ly/hIbx9c OWASP WTE Live CD project], and VP of Services at [http://bit.ly/fNj64E Praetorian]  
+
[http://www.richlandcollege.edu/map/ Map]
  
'''Slides''':
 
  
==== Past Meetings Archive  ====
+
Don't forget to bring your lunch!
  
== March 2, 2011  ==
 
  
===**RECENT&nbsp;UPDATES**===
+
== October Meeting ==
 +
'''When:''' Wednesday October 3, 2012 from 11:30 AM – 1:00 PM
  
* **UPDATE** - Matt Tesauro will be bringing a professionally bound copy of the OWASP 2010 Top 10, signed by the authors Jeff Williams (http://www.owasp.org/index.php/User:Jeff_Williams) and Dave Wichers (http://www.owasp.org/index.php/User:Wichers) that he picked up at the Summit.  We'll raffle this at the end of the meeting for all who've registered*. * must be present to win
+
'''Topic: ''' Exploitation Techniques and Mitigation
* We have posted the room and building information below, as well as information about parking and maps of the SMU Campus (2/9/11)
+
* We have added an official EventBright RSVP page.  '''[http://www.eventbrite.com/event/1287249197 Please Click here to RSVP for March 2nd (FREE)]''' (2/8/11)
+
* We have confirmed that Southern Methodist University will host our upcoming meeting on March 2nd. (2/7/11)
+
  
'''Make sure to sign up for any of the social media network links above to get future announcements.'''
+
'''Who:''' James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc
<br>
+
  
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
  
=== Sponsors: ===
+
[http://www.richlandcollege.edu/map/ Map]
[[Image:Veracode_logo_2color_OWASP.jpg|link=http://veracode.com]]
+
  
[[Image:Screen_shot_2011-02-24_at_10.47.51_AM.png|link=http://www.smu.edu]]
+
== September Meeting ==
 +
'''When:''' Wednesday September 12, 2012 from 11:30 AM – 1:00 PM
  
We would like to thanks Veracode for providing a light deli lunch for this meeting, and of course SMU for hosting it.
+
'''Topic: ''' The Importance of Application Security.
  
===Meeting Details:===
+
'''Who:''' Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC
  
'''Title''': OWASP WTE: Application Pen Testing '''your''' way.
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
  
'''Speaker''': Matt Tesauro, [http://bit.ly/fQGqIk OWASP] Board Member, Project Lead for the [http://bit.ly/hIbx9c OWASP WTE Live CD project], and VP of Services at [http://bit.ly/fNj64E Praetorian]  
+
[http://www.richlandcollege.edu/map/ Map]
  
'''Date''': March 2, 2011
+
== August Meeting ==
 +
'''When:''' Wednesday August 1, 2012 from 11:30 AM – 1:00 PM
  
'''Time''': 11:30AM - 1:00 PM
+
'''Topic: ''' Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.
  
'''Location''': '''**Recently Updated**'''<br>Southern Methodist University <br>6425 Boaz Lane<br>Dallas TX 75205
+
'''Who:''' Derek Soeder, founder, Ridgeway Internet Security
  
We will meet at: '''Huitt Zollars room''' located at the '''Embrey building''' at '''SMU Main Campus (Dallas)'''.
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
  
'''Directions:'''
+
[http://www.richlandcollege.edu/map/ Map]
For campus direction please visit [http://smu.edu/maps/directions.asp http://smu.edu/maps/directions.asp]
+
  
'''Parking:'''
+
'''Slides''': [[Media:Malicious Math - Final.pptx‎]]
For parking, guests have few options, they can use '''Moody Parking Garage for $5''', the machine takes cash or plastic. Otherwise, they can look for free parking spots on '''University Boulevard''' or '''Mcfarlin Boulevard'''.
+
  
'''Campus Map:'''
+
== July Meeting ==
An interactive campus map can be found at [http://smu.edu/maps/flash/ http://smu.edu/maps/flash/]
+
'''When:''' Wednesday July 11, 2012 from 11:30 AM – 1:00 PM
Printable map:
+
  
'''Cost:''' Always Free
+
'''Topic: ''' Reinventing Dynamic Testing: Real-Time Hybrid
  
'''RSVP:''' Email [mailto:RyanWSmith@gmail.com RyanWSmith@gmail.com] or '''[http://www.eventbrite.com/event/1287249197 Click here to RSVP for March 2nd (FREE)]''' 
+
'''Who:''' Adam Hils; Senior Product Manager HP Enterprise Security Products
This will help expedite the check-in process. Thanks.
+
  
'''Abstract''':  
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
  
One of the pain points of application penetration testing is keeping all your tools up to date and installed on whatever computer you happen to have with you. After several successful releases of the OWASP Live CD, I had a bit of a think and decided that there was a better way. After a bunch of re-tooling (the fancy word is refactoring), OWASP WTE is ready for prime time. OWASP Web Testing Environment is a project to package application testing tools and make them available in a variety of ways - you pick what works for you: Live CD, Virtual Machine, ala carte installations on your existing Ubuntu system, or maybe even attack tools in the cloud. The choice is yours with WTE.  
+
[http://www.richlandcollege.edu/map/ Map]
  
In this talk I will cover where OWASP WTE is currently, what features are available and what the future holds. The overall project goal is to make testing tools as widely available and easily usable as possible.
+
== June Meeting ==
 +
'''When:''' Wednesday June 6, 2012 from 11:30 AM – 1:00 PM
  
'''Speaker Bio''':
+
'''Topic: ''' Is There An End to Testing Ourselves Secure?
  
Matt is currently on the board of the [http://bit.ly/fQGqIk OWASP Foundation] and highly involved in many OWASP projects and committees. Matt is the project leader of the [http://bit.ly/hIbx9c OWASP WTE] (Web Testing Environment) which is the source of theOWASP Live CD Project and Virtual Machines pre-configured with tools and documentation for testing web applications.
+
'''Who:''' Rohit Sethi; Vice President, Product Development, SD Elements
  
Matt has been involved in the Information Technology industry for more than 10 years. Matt is currently serving as the VP of services at [http://bit.ly/fNj64E Praetorian], leveraging his experience in application security and consulting. Prior to joining Praetorian, Matt was a Security Consultant at Trustwave's Spider Labs. Matt's focus has been in application security including testing, code reviews, design reviews and training. His background in web application development and system administration helped bring a holistic focus to Secure SDLC efforts he's driven. He has taught both graduate level university courses and for large financial institutions. Matt has presented and provided training a various industry events including DHS Software Assurance Workshop, AppSec EU, AppSec US, AppSec Academia, and AppSec Brazil.
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
  
Industry designations include the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&amp;M University.  
+
[http://www.richlandcollege.edu/map/ Map]
  
Linkedin Profile: http://www.linkedin.com/in/matttesauro 
+
== May Meeting ==
  
<br> '''======================================================'''
+
'''When:''' Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM
  
'''When:''' Tuesday, September 21, 2010 11:30 AM – 1:00 PM
+
'''Topic: ''' OWASP and PCI DSS Requirement 6.5
  
'''Topic: ''' Securing the Smart Grid's Software
+
OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.
 +
 +
'''Who:''' Tony Gunn; Director of Security Operations for McAfee
 +
 +
'''Where:'''
 +
North Lake College (Central Campus)
 +
5001 N. MacArthur Blvd.
 +
Irving, TX 75038
 +
Phone: 972-273-3000
 +
Building: A
 +
Room: 206
  
'''Who:''' Andy Bochman
+
[http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
  
Andy Bochman is Energy Security Lead for IBM's Rational Division, where the focus is on securing the software that runs the Smart Grid. Andy is a contributor to industry and national security working groups on energy security and cyber security. He lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.
+
== March Meeting ==
  
'''Where:''' CoreLogic, 1 CoreLogic Drive, Westlake, TX 76262 (@15 min from DFW Airport)
+
'''When:''' March 7, 2012, 11:30am - 1:00pm
  
From Dallas: Take 183-West to 114-West (Toward Grapevine) Exit on Solana/Kirkwood Blvd Turn Left onto Kirkwood Blvd Turn Right onto Campus Circle (You will see the CoreLogic sign)
+
'''Topic: ''' AAA for Hybrid Cloud Environment
  
From Fort Worth: Take I-35W North Take exit 70 toward Dallas/Bridgeport/Tx-114 Turn Right onto 114 East Exit on Solana Blvd Turn Right onto Kirkwood Blvd Turn Right onto Campus Circle (You will see the CoreLogic sign)
+
During this session, presented by Symplified, we will explore four areas of interest.
  
Link to Directions (Please Note: CoreLogic (formerly First American) is still listed on Google Maps and other applications as “First American”)
+
Web, SaaS, Mobile Application Adoption
 +
Protecting sensitive data
 +
WAM for the Public Cloud
 +
Identity Sprawl
  
<br> '''Parking:''' Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor’s Parking Pass. Once parked, proceed to Building 5 for your Visitor Badge. The Southlake conference room is located in Building 4, Floor 1.  
+
'''Who:''' Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.  
  
'''Cost:''' Always Free
+
'''Where:'''  
 +
North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038
 +
Phone: 972-273-3000
 +
Building: A
 +
Room: 206
  
'''Lunch:''' Bring your own lunch or purchase lunch at the Café in Building 7.  
+
[http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
  
'''RSVP:''' [mailto:OWASPDallas@utdallas.edu OWASPDallas@utdallas.edu] This will help expedite the check-in process. Thanks.
+
== February Meeting ==
  
<br> '''======================================================'''  
+
'''When:''' February 1, 2012, 11:30am - 1:00pm
  
<br> '''When:''' Tuesday, June 29, 2010 11:30 AM – 1:00 PM
+
'''Topic: ''' Web Application Vulnerability Testing with Nessus
  
'''Topic: ''' Protecting Your Applications from Backdoors: How to Security Your Business Critical Applications from Time Bombs, BAckdoors &amp; More
+
'''Who:''' Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
  
With the increasing practice of outsourcing and using 3rd party libraries, it is nearly impossible for an enterprise to identify the pedigree and security of the software running its business critical applications. As a result backdoors and malicious code are increasingly becoming the prevalent attack vector used by hackers. Whether you manage internal development activities, work with third party developers or are developing a COTS application for enterprise, your mandate is clear- safeguard your code and make applications security a priority for internal and external development teams. In this session we will cover; • Prevalence of backdoors and malicious code in third party attacks • Definitions and classifications of backdoors and their impact on your applications • Methods to identify, track and remediate these vulnerabilities
+
'''Where:'''
 +
SMU
 +
Caruth Hall
 +
Palmer Conference Center / 406 Caruth Hall
 +
3145 Dyer Street
 +
Dallas, Texas 75205
  
<br> '''Who:''' Clint Pollock, Senior Solutions Architect, Veracode
+
[http://smu.edu/maps/campus.asp Map]
 +
(Caruth Hall is building 44 on the campus map link.)
  
Mr. Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk. Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches. Clint resides in Chicago, IL.
+
== January Meeting ==
  
'''Where:''' University of Texas at Dallas Campus - School of Management (SOM), Executive Dining Room A, 800 W. Campbell Rd., Richardson, TX 75080
+
'''When:''' January 11, 2012, 11:30am - 1:00pm
  
'''Parking:''' Park in lot M. I will send a permit to those who have RSVP'd by Monday, June 29. Those who do not have the permit will need to stop at the Visitor Center on University Parkway to pick up a pass. Place the permit on the dash.
+
'''Topic: ''' OWASP TOP 10
  
'''Cost:''' Always Free
+
Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples.  This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF.  Discussion, hands on exercise and question and answer session.
  
'''Lunch:''' Bring your own lunch or purchase lunch or come early and purchase lunch at one of the many fast-food restaurants located on the top floor of the Student Union. We are meeting in a differnt building than for previous meetings so be sure to check the on-line map for construction changes. http://www.utdallas.edu/maps/
+
'''Who:''' Matt Parsons, VP Parsons Software Security Consulting
  
'''RSVP:''' [mailto:OWASPDallas@utdallas.edu OWASPDallas@utdallas.edu] This will help expedite the check-in process. Thanks.
+
'''Where:'''  
 +
North Lake College (Central Campus)
 +
5001 N. MacArthur Blvd.
 +
Irving, TX 75038
 +
Phone: 972-273-3000
 +
Building: G
 +
Room: 405
  
<br> '''======================================================'''
+
[http://www.northlakecollege.edu/pages/central-campus-directions.aspx Map]
  
'''When:''' Thursday, May 20, 2010 6:00 PM
 
  
'''Topic: ''' Spring 2010 Networking Event - Network With Your Peers
+
==== Presentation Archives  ====
  
FREE EVENT!!! Your Dallas OWASP Chapter is pleased to host a networking event open to all those involved in OWASP. Our friends at Fortify Software are sponsoring this happy hour.
+
== November 7, 2012 ==
  
• Mix and mingle with fellow OWASP chapter members • Bring your business cards and resume • Appetizers will be served, and drinks will be free • Enter to win prizes and great gifts (must be present to win)
+
'''Title: ''' Internet Security Threat Report
  
Dallas OWASP Website: http://www.owasp.org/index.php/Dallas
+
'''Speaker:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
  
Don't miss the first Spring 2010 Networking event! We look forward to seeing you there!
+
'''Slides''':
 +
[[Media:Symantec_ISTR_17.pdf‎]]
  
'''Where:''' Humperdink's at Loop 12 and NW HWY, 2208 W NW Hwy, Dallas, TX 75220, (214) 358-4159
+
==February 1, 2012==
  
'''Cost:''' Always Free
+
'''Title''':  Web Application Vulnerability Testing with Nessus
  
'''RSVP:''' [mailto:OWASPDallas@utdallas.edu OWASPDallas@utdallas.edu]
+
'''Speaker''': Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)
  
'''======================================================'''  
+
'''Slides''':  
 
+
[[Media:Web Application Vul Testing with Nessus 2012.02.01.pdf‎]]<br>
'''When:''' Thursday, March 4, 2010 11:30 AM – 1:00 PM
+
[[Media:OWASP Broken Web Applications 2012.02.01.pdf‎]]
 
+
'''Topic: ''' Technology and Business Risk Management: How Application Security Fits In
+
 
+
This presentation demonstrates how important application security is to the overall stability and security of the infrastructure and ultimately, the business. Presented from the Information Security Officer/Risk Manager point of view, it shows how a strong information security program reduces levels of reputational, operational, legal, and strategic risk by limiting vulnerabilities, increasing stability, and maintaining customer confidence and trust. It focuses on the top concerns of risk managers and how application security fits into the overall risk management process. The audience will be given recommendations on how to improve cost effectiveness and efficiency to achieve business, security, audit, and compliance objectives relative to applications.
+
 
+
'''Who:''' Peter Perfetti, IMPACT Security LLC
+
 
+
Mr. Perfetti has been working in information security for fifteen years. He has been involved in IT Security for the financial services industry for ten years where he has worked as an Information Security Officer as well as having been responsible for vulnerability and threat management, and security engineering. Mr. Perfetti worked for Viacom and MTV as the Manager of Systems Administration and was the Director of IT Risk Management for the National Basketball Association. He has a broad range of experience in both operations and security. Mr. Perfetti provided governance and guidance over risk and compliance issues for the Americas region of ABN AMRO as the Local Information Security Officer for New York. His responsibilities were primarily to manage the risk for infrastructure related technology and operations. Other duties included audit, business continuity, investigations, and security operations oversight. Most recently, he was head of IT Security &amp; Governance at Tygris Commercial Finance. He was formerly the VP of the NY/NJ Metro Chapter of OWASP and is currently a board member of the local chapter. He has served on the IT Security Advisory Board for the Technology Manager’s Forum. Mr. Perfetti’s accomplishments have been discussed in two books on achieving high-performing, stable, and secure infrastructure. Currently Mr. Perfetti operates IMPACT Security LLC, a private security contractor firm, that specializes in Incident &amp; Audit Response, Prevention, and Recovery; as well as developing, enhancing, and implementing Security and Risk Management programs.
+
 
+
'''Where:''' University of Texas at Dallas Campus - Galaxy Room C of the Student Union, 800 W. Campbell Rd., Richardson, TX 75080
+
 
+
'''Parking:''' Park in lot C. I will send a permit to those who have RSVP'd by Tuesday, March 2nd. Those who do not have the permit will need to stop at the Visitor Center on University Parkway to pick up a pass. Place the permit on the dash.
+
 
+
'''Cost:''' Always Free
+
 
+
'''Lunch:''' Bring your own lunch or purchase lunch at one of the many fast-food restaurants located on the top floor of the Student Union.
+
 
+
'''RSVP:''' [mailto:OWASPDallas@utdallas.edu OWASPDallas@utdallas.edu] This will help expedite the check-in process. Thanks.
+
 
+
<br> '''======================================================'''
+
 
+
<br> '''When:''' September 15, 2009, 11:30am - 1:30pm
+
 
+
'''Topic: ''' Detective Work for Testers. Finding Workflow-based Defects.
+
 
+
Workflow-based security defects in Web applications are especially difficult to identify because they evade traditional, point-and-scan vulnerability detection techniques. Understanding these potential defects and why black-box scanners typically miss them, are key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that testers play in assessing application work flows and how business process-based testing techniques can uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities-business process logic vulnerabilities and parameter-based vulnerabilities-and provides you with a sound basis to improve your testing strategies. Become a security testing sleuth and learn to find the workflow-based security defects before your system is compromised.
+
 
+
'''Who:''' Rafal Los, Sr. Web Security Specialist, HP Software
+
 
+
Senior Security Specialist with Hewlett-Packard’s Application Security Center (ASC), Rafal Los has more than thirteen years of experience in network and system design, security policy and process design, risk analysis, penetration testing, and consulting. For the past eight years, he has focused on information security and risk management, leading security architecture teams, and managing successful enterprise security programs for General Electric and other Fortune 100 companies, as well as SMB enterprises. Previously, Rafal spent three years in-house with GE Consumer Finance, leading its web application security programs.  
+
 
+
'''Where:''' The First American Co, 1 First American Way, Westlake, TX 76262 (@15 min from DFW Airport)
+
 
+
'''Parking:''' Upon arrival at Circle Drive, please pull into the Visitor Kiosk to your right where you will be issued a Visitor’s Parking Pass. Once parked, proceed to Building 5 for your Visitor Badge. See Map for Directions. [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1+first+american+way,+westlake,+tx&sll=37.0625,-95.677068&sspn=48.641855,78.837891&ie=UTF8&mrt=rblall&ll=32.980777,-97.174437&spn=0.006336,0.009624&z=17&iwloc=A Link to Directions].
+
 
+
'''Cost:''' Always Free
+
 
+
'''Lunch:''' Bring your own lunch or purchase lunch at the Café in Building 7.
+
 
+
'''RSVP:''' [mailto:OWASPDallas@utdallas.edu OWASPDallas@utdallas.edu] This will help expedite the check-in process. Thanks.
+
 
+
<br> '''======================================================'''
+
 
+
'''When:''' Dallas February 25, 2009 11:30am – 1:30pm
+
 
+
'''Topic:''' Vulnerability Management in an Application Security World. Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.
+
 
+
'''Who:''' Dan Cornell, Principal, Denim Group Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.
+
 
+
'''Where:''' UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.
+
 
+
<br> Dallas OWASP Chapter: February 2009 Meeting
+
 
+
Topic: "Vulnerability Management in an Application Security World."
+
 
+
Presenter: Dan Cornell, Principal, Denim Group
+
 
+
Date: February 25, 2009 11:30am – 1:30pm
+
 
+
Location: UTD Campus - Galaxy Room of the Student Union, Room SU 2.602 Doors open at 11:00 am.
+
 
+
Abstract:
+
 
+
Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.
+
 
+
Presenter Bio:
+
 
+
Dan Cornell has over ten years of experience architecting, developing and securing web-based software systems. As a Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group application security research team, investigating the application of secure coding and development techniques to the improvement of web based software development methodologies. He is also the primary author of sprajax, Denim Group’s open source tool for assessing the security of AJAX-enabled web applications.
+
 
+
[[Dallas OWASP Flyer.pdf]]  
+
  
==== Dallas OWASP Chapter Leaders  ====
+
==January 11, 2012==
  
'''The Dallas OWASP chapter leaders are:'''  
+
'''Title''': OWASP TOP 10
  
[mailto:Ryan.Smith@OWASP.org Ryan W Smith]
+
'''Speaker''': Matt Parsons, VP Parsons Software Security Consulting
  
[mailto:andrea.wendeln@gmail.com Andrea Wendeln]  
+
'''Slides''': [[Media:OWASPtopTen.pdf‎]]
  
[mailto:Don.McMillian@acs-inc.com Don McMillian]
 
  
Leah Teutsch (currently on leave)
+
__NOTOC__
 +
<headertabs />
  
__NOTOC__ <headertabs />
+
[[Category:Texas]]

Revision as of 16:20, 26 November 2012

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are

Chapter Lead- Matt Parsons

Hospitality/Facilities Lead- Rik Jones

Membership Lead- Norm Smith

Web/Technology Lead- Mynor Alvarado

Board Member- Andrea Wendeln

Board Member- Don McMillian

Board Member- Tim Shelton

Board Member- Jeromme Lawler

Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

THANKS TO OUR SPONSORS: The Dallas Chapter of OWASP would like to thank Richland College for hosting our monthly meetings.

Get Connected and Stay Connected

The Dallas OWASP chapter is proud to announce several new ways to keep in touch with the leadership and other members of the chapter and greater organization.

In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Join the list.png Follow-us-on-twitter.png Join-us-on-Facebook.jpg Linkedin-button.gif


Announcements

November Meeting

When: Wednesday November 7, 2012 from 11:30 AM – 1:00 PM


Topic: Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape

With the recent announcements regarding Flame, Stuxnet and one to be named, this session will discuss some of the traits and new techniques associated with these APT’s. This session also discuss mainstream threats and how they are adapting to new technologies. Understanding some of the new methodologies and how they are being delivered is the first step to countering them and mitigating their risks. This presentation will enable executives, management and leaders to better understand and communicate the risks that currently exist to our IT environments.


Who: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

John R. Hill is a Principal Security Strategist at Symantec Corporation. His career in information security and network infrastructure spans over 19 years as an industry veteran. Mr. Hill provides strategy, direction and leadership relating to advance security concepts and new technologies for clients and partners on behalf of Symantec Corporation.


Symantec is a global leader in proving security, storage and systems management solutions to help customers secure and manage their information against risks. Symantec's unique focus is to eliminate risk to information, technology and processes independent of the device, platform, interaction or location.


Prior to Symantec, Mr. Hill was the Director of Product Strategy and Marketing for the encryption startup Mobile Armor, which was acquired by Trend Micro in February of 2010. At Mobile Armor, he provided C-level guidance for product strategy, product development, and along with analysis of critical business and market intelligence. His role also focused on directing national communications and marketing.


Preceding Mobile Armor, Mr. Hill was a Security Evangelist and Product Line Executive for McAfee, Inc., now Intel Corporation. While there he communicated product messaging and strategy for events, CXO level clients, analysts, media and key market influencers. Mr. Hill also advised product management teams on market trends and provided gap analysis within product lines.


Previous to joining McAfee, Mr. Hill worked several years for Internet Security Systems, now IBM, communicating industry best practices and security awareness. His responsibilities included reviewing and consulting on enterprise security related issues and threats. Along with his history in the security industry, Mr. Hill formerly worked for Enterasys Networks and Cabletron Systems. While in the networking industry, Mr. Hill helped Fortune 100 companies to architect and implement globally connected networks.


John is also a professional speaker and has presented at numerous CIO summits, leading industry conferences and events for enterprise organizations and various branches of the US Military and Government.


Mr. Hill also holds a Bachelor of Science Degree from Texas A&M University.


Where:

Richland College

12800 Abrams Road

Dallas, TX 75243


Room: Sabine Hall: SH118


Map


Don't forget to bring your lunch!


October Meeting

When: Wednesday October 3, 2012 from 11:30 AM – 1:00 PM

Topic: Exploitation Techniques and Mitigation

Who: James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

September Meeting

When: Wednesday September 12, 2012 from 11:30 AM – 1:00 PM

Topic: The Importance of Application Security.

Who: Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

August Meeting

When: Wednesday August 1, 2012 from 11:30 AM – 1:00 PM

Topic: Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.

Who: Derek Soeder, founder, Ridgeway Internet Security

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

Slides: Media:Malicious Math - Final.pptx‎

July Meeting

When: Wednesday July 11, 2012 from 11:30 AM – 1:00 PM

Topic: Reinventing Dynamic Testing: Real-Time Hybrid

Who: Adam Hils; Senior Product Manager HP Enterprise Security Products

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

June Meeting

When: Wednesday June 6, 2012 from 11:30 AM – 1:00 PM

Topic: Is There An End to Testing Ourselves Secure?

Who: Rohit Sethi; Vice President, Product Development, SD Elements

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

May Meeting

When: Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM

Topic: OWASP and PCI DSS Requirement 6.5

OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.

Who: Tony Gunn; Director of Security Operations for McAfee

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

March Meeting

When: March 7, 2012, 11:30am - 1:00pm

Topic: AAA for Hybrid Cloud Environment

During this session, presented by Symplified, we will explore four areas of interest.

Web, SaaS, Mobile Application Adoption Protecting sensitive data WAM for the Public Cloud Identity Sprawl

Who: Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.

Where: North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

February Meeting

When: February 1, 2012, 11:30am - 1:00pm

Topic: Web Application Vulnerability Testing with Nessus

Who: Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Where: SMU Caruth Hall Palmer Conference Center / 406 Caruth Hall 3145 Dyer Street Dallas, Texas 75205

Map (Caruth Hall is building 44 on the campus map link.)

January Meeting

When: January 11, 2012, 11:30am - 1:00pm

Topic: OWASP TOP 10

Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.

Who: Matt Parsons, VP Parsons Software Security Consulting

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: G Room: 405

Map


Presentation Archives

November 7, 2012

Title: Internet Security Threat Report

Speaker: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Slides: Media:Symantec_ISTR_17.pdf‎

February 1, 2012

Title: Web Application Vulnerability Testing with Nessus

Speaker: Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Slides: Media:Web Application Vul Testing with Nessus 2012.02.01.pdf‎
Media:OWASP Broken Web Applications 2012.02.01.pdf‎

January 11, 2012

Title: OWASP TOP 10

Speaker: Matt Parsons, VP Parsons Software Security Consulting

Slides: Media:OWASPtopTen.pdf‎