Difference between revisions of "Dallas"

From OWASP
Jump to: navigation, search
(7 intermediate revisions by one user not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
   
 
   
Chapter Lead- [mailto:gmccormick@tmsgi.com Gene McCormick]
+
Chapter Lead- [mailto:mparsons@parsonsisconsulting. Matt Parsons]
  
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
Line 7: Line 7:
 
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
 
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
  
Programs Lead- [mailto:mparsons@parsonsisconsulting. Matt Parsons]
+
Speakers Lead- [mailto:pperfetti@impactsecurityllc.com Peter Perfetti]
  
Web/Technology Lead- [mailto:mynoralva@gmail.com Mynor Alvarado]  
+
Technology Lead- [mailto:mynoralva@gmail.com Mynor Alvarado]  
  
Board Member- [mailto:andrea.wendeln@gmail.com Andrea Wendeln]
+
Web Lead- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
 
+
Board Member- [mailto:don.mcmillian@acs-inc.com Don McMillian]
+
  
 
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
 
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
  
Board Member- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
 
 
<br>
 
<br>
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
Line 44: Line 41:
 
==== Announcements  ====
 
==== Announcements  ====
  
== October Meeting ==
+
== May Meeting ==
'''When:''' Wednesday October 3, 2012 from 11:30 AM – 1:00 PM
+
  
 +
'''When:''' Wednesday May 8, 2013 from 11:30 AM – 1:00 PM
  
'''Topic: ''' Exploitation Techniques and Mitigation
 
  
The topic will be covering exploitation techniques and mitigation. The presentation will cover different types of attacks, along with source code examples of the insecure code. The speaker will be covering exploit development techniques and tools. He will also discuss how attackers can bypass exploit mitigation techniques, and how developers can use this knowledge to develop more secure code.
+
'''Topic: ''' Implementation Patterns for Software Security Programs
  
  
'''Who:''' James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc
+
Most organizations have finally realized that the software applications they are developing and deploying exposes them to significant risks.  Organizations that are serious about this issue have started rolling  out software security programs to address these risks in a structured manner.  The challenge for these organizations is to determine what measures to put in place and how to implement those measures to best reduce their exposure.  Efforts such as BISMM, OpenSAMM and Microsoft¹s SDL have shown that there are a number of components of software security programs that are reasonably standard, but there are different ways of implementing tools and deploying processes so what was successful for one organization does not guarantee success in others.  Matching implementation strategies to the specific capabilities, limitations,  strengths and weaknesses of the organizations is critical to a successful program roll-out.
  
James McFadyen works as an Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc.. He is active at the University of Texas at Dallas Computer Security Group, where he does research reverse engineering, web application security, cryptography and exploitation. He has been researching exploit development for over 3 years. He is a member of blacksecurity, a Dallas security group.
 
  
 +
This presentation relates several example case studies for organizations rolling out different portions of their software security programs.  Although every organization is different, looking across multiple program implementations allows patterns to emerge and these patterns can provide guidance to other organizations looking to organize plans for their software security programs.
  
'''Where:'''
 
  
Richland College
+
Several aspects of program rollout and the associated program are covered.  Firstly, the presentation provides a discussion of selecting the organizational "owner" of the software security program.  Although many parts of the organization must be involved, one group must be ultimately responsible for the security state of software developed and deployed.  Then the presentation looks into three specific software security activities: static code analysis, dynamic application testing and developer security education. Several implementation patterns for each of these activity rollouts are outlined along with factors organizations can use to decide if a particular approach is well suited to their needs.  These patterns help to provide templates that minimize the requirement of an organization to experiment and break new, risky ground by allowing them to benefit from lessons learned from previous efforts.
  
12800 Abrams Road
 
  
Dallas, TX 75243
+
The presentation is vendor-neutral and based on experiences working with several organizations creating software security programs.
  
  
Room: Sabine Hall: SH118
+
'''Who:''': Dan Cornell, Principal, Denim Group
 +
 
 +
 
 +
Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.
 +
 
 +
 
 +
Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.
 +
 
 +
 
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117 (Please Note Room)
  
  
Line 73: Line 76:
  
  
Don't forget to bring your lunch!
+
== February Meeting ==
 +
'''When:''' Wednesday February 6, 2013 from 11:30 AM – 1:00 PM
  
 +
'''Topic: ''' Using Webappsec Vulns to Break Censorship
 +
 +
'''Who:''': Robert Hansen, a.k.a. rsnake
 +
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117 (Please Note Room Change)
 +
 +
[http://www.richlandcollege.edu/map/ Map]
 +
 +
== January Meeting ==
 +
No Dallas OWASP meeting in Jan.
 +
 +
== December Meeting ==
 +
No Dallas OWASP meeting in Dec.
 +
 +
== November Meeting ==
 +
'''When:''' Wednesday November 7, 2012 from 11:30 AM – 1:00 PM
 +
 +
'''Topic: ''' Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape
 +
 +
'''Who:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
 +
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
 +
 +
[http://www.richlandcollege.edu/map/ Map]
 +
 +
== October Meeting ==
 +
'''When:''' Wednesday October 3, 2012 from 11:30 AM – 1:00 PM
 +
 +
'''Topic: ''' Exploitation Techniques and Mitigation
 +
 +
'''Who:''' James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc
 +
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
 +
 +
[http://www.richlandcollege.edu/map/ Map]
  
 
== September Meeting ==
 
== September Meeting ==
Line 206: Line 245:
 
==== Presentation Archives  ====
 
==== Presentation Archives  ====
  
 +
== November 7, 2012 ==
 +
 +
'''Title: ''' Internet Security Threat Report
 +
 +
'''Speaker:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
 +
 +
'''Slides''':
 +
[[Media:Symantec_ISTR_17.pdf‎]]
  
 
==February 1, 2012==
 
==February 1, 2012==

Revision as of 19:34, 16 March 2013

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are

Chapter Lead- Matt Parsons

Hospitality/Facilities Lead- Rik Jones

Membership Lead- Norm Smith

Speakers Lead- Peter Perfetti

Technology Lead- Mynor Alvarado

Web Lead- Jeromme Lawler

Board Member- Tim Shelton



Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

THANKS TO OUR SPONSORS: The Dallas Chapter of OWASP would like to thank Richland College for hosting our monthly meetings.

Get Connected and Stay Connected

The Dallas OWASP chapter is proud to announce several new ways to keep in touch with the leadership and other members of the chapter and greater organization.

In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Join the list.png Follow-us-on-twitter.png Join-us-on-Facebook.jpg Linkedin-button.gif


Announcements

May Meeting

When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM


Topic: Implementation Patterns for Software Security Programs


Most organizations have finally realized that the software applications they are developing and deploying exposes them to significant risks. Organizations that are serious about this issue have started rolling out software security programs to address these risks in a structured manner. The challenge for these organizations is to determine what measures to put in place and how to implement those measures to best reduce their exposure. Efforts such as BISMM, OpenSAMM and Microsoft¹s SDL have shown that there are a number of components of software security programs that are reasonably standard, but there are different ways of implementing tools and deploying processes so what was successful for one organization does not guarantee success in others. Matching implementation strategies to the specific capabilities, limitations, strengths and weaknesses of the organizations is critical to a successful program roll-out.


This presentation relates several example case studies for organizations rolling out different portions of their software security programs. Although every organization is different, looking across multiple program implementations allows patterns to emerge and these patterns can provide guidance to other organizations looking to organize plans for their software security programs.


Several aspects of program rollout and the associated program are covered. Firstly, the presentation provides a discussion of selecting the organizational "owner" of the software security program. Although many parts of the organization must be involved, one group must be ultimately responsible for the security state of software developed and deployed. Then the presentation looks into three specific software security activities: static code analysis, dynamic application testing and developer security education. Several implementation patterns for each of these activity rollouts are outlined along with factors organizations can use to decide if a particular approach is well suited to their needs. These patterns help to provide templates that minimize the requirement of an organization to experiment and break new, risky ground by allowing them to benefit from lessons learned from previous efforts.


The presentation is vendor-neutral and based on experiences working with several organizations creating software security programs.


Who:: Dan Cornell, Principal, Denim Group


Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies.


Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.


Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117 (Please Note Room)


Map


February Meeting

When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM

Topic: Using Webappsec Vulns to Break Censorship

Who:: Robert Hansen, a.k.a. rsnake

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117 (Please Note Room Change)

Map

January Meeting

No Dallas OWASP meeting in Jan.

December Meeting

No Dallas OWASP meeting in Dec.

November Meeting

When: Wednesday November 7, 2012 from 11:30 AM – 1:00 PM

Topic: Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape

Who: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

October Meeting

When: Wednesday October 3, 2012 from 11:30 AM – 1:00 PM

Topic: Exploitation Techniques and Mitigation

Who: James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

September Meeting

When: Wednesday September 12, 2012 from 11:30 AM – 1:00 PM

Topic: The Importance of Application Security.

Who: Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

August Meeting

When: Wednesday August 1, 2012 from 11:30 AM – 1:00 PM

Topic: Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.

Who: Derek Soeder, founder, Ridgeway Internet Security

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

Slides: Media:Malicious Math - Final.pptx‎

July Meeting

When: Wednesday July 11, 2012 from 11:30 AM – 1:00 PM

Topic: Reinventing Dynamic Testing: Real-Time Hybrid

Who: Adam Hils; Senior Product Manager HP Enterprise Security Products

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

June Meeting

When: Wednesday June 6, 2012 from 11:30 AM – 1:00 PM

Topic: Is There An End to Testing Ourselves Secure?

Who: Rohit Sethi; Vice President, Product Development, SD Elements

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

May Meeting

When: Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM

Topic: OWASP and PCI DSS Requirement 6.5

OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.

Who: Tony Gunn; Director of Security Operations for McAfee

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

March Meeting

When: March 7, 2012, 11:30am - 1:00pm

Topic: AAA for Hybrid Cloud Environment

During this session, presented by Symplified, we will explore four areas of interest.

Web, SaaS, Mobile Application Adoption Protecting sensitive data WAM for the Public Cloud Identity Sprawl

Who: Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.

Where: North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

February Meeting

When: February 1, 2012, 11:30am - 1:00pm

Topic: Web Application Vulnerability Testing with Nessus

Who: Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Where: SMU Caruth Hall Palmer Conference Center / 406 Caruth Hall 3145 Dyer Street Dallas, Texas 75205

Map (Caruth Hall is building 44 on the campus map link.)

January Meeting

When: January 11, 2012, 11:30am - 1:00pm

Topic: OWASP TOP 10

Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.

Who: Matt Parsons, VP Parsons Software Security Consulting

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: G Room: 405

Map


Presentation Archives

November 7, 2012

Title: Internet Security Threat Report

Speaker: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Slides: Media:Symantec_ISTR_17.pdf‎

February 1, 2012

Title: Web Application Vulnerability Testing with Nessus

Speaker: Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Slides: Media:Web Application Vul Testing with Nessus 2012.02.01.pdf‎
Media:OWASP Broken Web Applications 2012.02.01.pdf‎

January 11, 2012

Title: OWASP TOP 10

Speaker: Matt Parsons, VP Parsons Software Security Consulting

Slides: Media:OWASPtopTen.pdf‎