Difference between revisions of "Dallas"

From OWASP
Jump to: navigation, search
m
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
   
 
   
Chapter Lead- [mailto:mparsons@parsonsisconsulting. Matt Parsons]
+
Chapter Lead- [mailto:mparsons@parsonsisconsulting.com Matt Parsons]
  
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
Line 7: Line 7:
 
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
 
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
  
Web/Technology Lead- [mailto:mynoralva@gmail.com Mynor Alvarado]  
+
Speakers Lead- [mailto:pperfetti@impactsecurityllc.com Peter Perfetti]
  
Board Member- [mailto:andrea.wendeln@gmail.com Andrea Wendeln]
+
Technology Lead- [mailto:jeffdsmith@gmail.com JD Smith]  
  
Board Member- [mailto:don.mcmillian@acs-inc.com Don McMillian]
+
Web Lead- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
  
 
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
 
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
  
Board Member- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
 
 
<br>
 
<br>
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-dallas|emailarchives=http://lists.owasp.org/pipermail/owasp-dallas}}  
  
 
'''THANKS TO OUR SPONSORS:'''
 
'''THANKS TO OUR SPONSORS:'''
'''The Dallas Chapter of OWASP would like to thank Richland College for hosting our monthly meetings.'''
+
'''The Dallas Chapter of OWASP would like to thank Richland College for hosting our meetings.'''
  
 
== Get Connected and Stay Connected  ==
 
== Get Connected and Stay Connected  ==
 
The Dallas OWASP chapter is proud to announce several new ways to keep in touch with the leadership and other members of the chapter and greater organization.
 
  
 
In addition to our [http://bit.ly/fWT3pN Mailing List] we also have a [http://bit.ly/eHEW6O Dallas OWASP Twitter Feed] a [http://on.fb.me/fHr5XY Dallas OWASP Facebook Page] and a [http://linkd.in/g3WxGG Dallas OWASP Linkedin Group]. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.  
 
In addition to our [http://bit.ly/fWT3pN Mailing List] we also have a [http://bit.ly/eHEW6O Dallas OWASP Twitter Feed] a [http://on.fb.me/fHr5XY Dallas OWASP Facebook Page] and a [http://linkd.in/g3WxGG Dallas OWASP Linkedin Group]. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.  
Line 39: Line 36:
  
  
 +
=== Announcements  ===
  
==== Announcements  ====
+
== October Meeting ==
 +
'''When:''' Wednesday October 1, 2014 from 11:30 AM – 1:00 PM
  
== November Meeting ==
 
'''When:''' Wednesday November 7, 2012 from 11:30 AM – 1:00 PM
 
  
 +
'''Topic: '''Succeeding with Enterprise Software Security Key Performance Indicators
  
'''Topic: ''' Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape
+
Enterprise software security has been a hot topic for over a decade, yet enterprises of all sizes continue to fail at explaining measurable gains, but why? The answer lies in what and how it is measured. Success begins with realistic, business-aligned KPIs which can be effectively measured to demonstrate improvement, or lack thereof. Come learn what, and how to effectively measure software security.
  
With the recent announcements regarding Flame, Stuxnet and one to be named, this session will discuss some of the traits and new techniques associated with these APT’s.  This session also discuss mainstream threats and how they are adapting to new technologies.  Understanding some of the new methodologies and how they are being delivered is the first step to countering them and mitigating their risks.  This presentation will enable executives, management and leaders to better understand and communicate the risks that currently exist to our IT environments.
 
  
 +
'''Who:''' Rafal Los, Chief Security Evangelist for Hewlett-Packard Software
  
'''Who:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
+
Rafal Los combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals.  He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat,  and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups.
  
John R. Hill is a Principal Security Strategist at Symantec Corporation.  His career in information security and network infrastructure spans over 19 years as an industry veteran.  Mr. Hill provides strategy, direction and leadership relating to advance security concepts and new technologies for clients and partners on behalf of Symantec Corporation.
 
  
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
Symantec is a global leader in proving security, storage and systems management solutions to help customers secure and manage their information against risks. Symantec's unique focus is to eliminate risk to information, technology and processes independent of the device, platform, interaction or location.
+
[http://www.richlandcollege.edu/map/ Map]
  
 
  
Prior to Symantec, Mr. Hill was the Director of Product Strategy and Marketing for the encryption startup Mobile Armor, which was acquired by Trend Micro in February of 2010. At Mobile Armor, he provided C-level guidance for product strategy, product development, and along with analysis of critical business and market intelligence.  His role also focused on directing national communications and marketing.
+
=== Previous Meetings ===
  
+
== March Meeting ==
 +
'''When:''' Wednesday March 5, 2014 from 11:30 AM – 1:00 PM
  
Preceding Mobile Armor, Mr. Hill was a Security Evangelist and Product Line Executive for McAfee, Inc., now Intel Corporation. While there he communicated product messaging and strategy for events, CXO level clients, analysts, media and key market influencers.  Mr. Hill also advised product management teams on market trends and provided gap analysis within product lines.
+
'''Topic: ''' OWASP Dallas basic Python tutorial
  
+
'''Who:''' Matt Parsons, CISSP MSM
  
Previous to joining McAfee, Mr. Hill worked several years for Internet Security Systems, now IBM, communicating industry best practices and security awareness.  His responsibilities included reviewing and consulting on enterprise security related issues and threats.  Along with his history in the security industry, Mr. Hill formerly worked for Enterasys Networks and Cabletron Systems. While in the networking industry, Mr. Hill helped Fortune 100 companies to architect and implement globally connected networks.
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
+
== September Meeting ==
 +
'''When:''' Wednesday September 11, 2013 from 11:30 AM – 1:00 PM
  
John is also a professional speaker and has presented at numerous CIO summits, leading industry conferences and events for enterprise organizations and various branches of the US Military and Government.
+
'''Topic: ''' PCI Mobile Payment Acceptance Security Guidelines for Developers
  
+
'''Who:''' Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council
  
Mr. Hill also holds a Bachelor of Science Degree from Texas A&M University.
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
 +
'''Slides''': [[Media:Dallas OWASP 9-11-2013.pdf]]
  
'''Where:'''  
+
== May Meeting ==
 +
'''When:''' Wednesday May 8, 2013 from 11:30 AM – 1:00 PM
  
Richland College
+
'''Topic: ''' Implementation Patterns for Software Security Programs
  
12800 Abrams Road
+
'''Who:''' Dan Cornell, Principal, Denim Group
  
Dallas, TX 75243
+
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
 +
[http://www.richlandcollege.edu/map/ Map]
  
Room: Sabine Hall: SH118
+
== February Meeting ==
 +
'''When:''' Wednesday February 6, 2013 from 11:30 AM – 1:00 PM
  
 +
'''Topic: ''' Using Webappsec Vulns to Break Censorship
 +
 +
'''Who:''' Robert Hansen, a.k.a. rsnake
 +
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
 
[http://www.richlandcollege.edu/map/ Map]
 
[http://www.richlandcollege.edu/map/ Map]
  
 +
== November Meeting ==
 +
'''When:''' Wednesday November 7, 2012 from 11:30 AM – 1:00 PM
  
Don't forget to bring your lunch!
+
'''Topic: ''' Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape
  
 +
'''Who:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
 +
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118
 +
 +
[http://www.richlandcollege.edu/map/ Map]
  
 
== October Meeting ==
 
== October Meeting ==
Line 239: Line 253:
 
==== Presentation Archives  ====
 
==== Presentation Archives  ====
  
 +
== November 7, 2012 ==
 +
 +
'''Title: ''' Internet Security Threat Report
 +
 +
'''Speaker:''' John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec
 +
 +
'''Slides''':
 +
[[Media:Symantec_ISTR_17.pdf‎]]
  
 
==February 1, 2012==
 
==February 1, 2012==

Revision as of 20:32, 7 August 2014

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are

Chapter Lead- Matt Parsons

Hospitality/Facilities Lead- Rik Jones

Membership Lead- Norm Smith

Speakers Lead- Peter Perfetti

Technology Lead- JD Smith

Web Lead- Jeromme Lawler

Board Member- Tim Shelton



Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

THANKS TO OUR SPONSORS: The Dallas Chapter of OWASP would like to thank Richland College for hosting our meetings.

Get Connected and Stay Connected

In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Join the list.png Follow-us-on-twitter.png Join-us-on-Facebook.jpg Linkedin-button.gif


Announcements

October Meeting

When: Wednesday October 1, 2014 from 11:30 AM – 1:00 PM


Topic: Succeeding with Enterprise Software Security Key Performance Indicators

Enterprise software security has been a hot topic for over a decade, yet enterprises of all sizes continue to fail at explaining measurable gains, but why? The answer lies in what and how it is measured. Success begins with realistic, business-aligned KPIs which can be effectively measured to demonstrate improvement, or lack thereof. Come learn what, and how to effectively measure software security.


Who: Rafal Los, Chief Security Evangelist for Hewlett-Packard Software

Rafal Los combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups.


Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map


Previous Meetings

March Meeting

When: Wednesday March 5, 2014 from 11:30 AM – 1:00 PM

Topic: OWASP Dallas basic Python tutorial

Who: Matt Parsons, CISSP MSM

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

September Meeting

When: Wednesday September 11, 2013 from 11:30 AM – 1:00 PM

Topic: PCI Mobile Payment Acceptance Security Guidelines for Developers

Who: Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Slides: Media:Dallas OWASP 9-11-2013.pdf

May Meeting

When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM

Topic: Implementation Patterns for Software Security Programs

Who: Dan Cornell, Principal, Denim Group

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map

February Meeting

When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM

Topic: Using Webappsec Vulns to Break Censorship

Who: Robert Hansen, a.k.a. rsnake

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map

November Meeting

When: Wednesday November 7, 2012 from 11:30 AM – 1:00 PM

Topic: Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape

Who: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

October Meeting

When: Wednesday October 3, 2012 from 11:30 AM – 1:00 PM

Topic: Exploitation Techniques and Mitigation

Who: James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

September Meeting

When: Wednesday September 12, 2012 from 11:30 AM – 1:00 PM

Topic: The Importance of Application Security.

Who: Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

August Meeting

When: Wednesday August 1, 2012 from 11:30 AM – 1:00 PM

Topic: Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.

Who: Derek Soeder, founder, Ridgeway Internet Security

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

Slides: Media:Malicious Math - Final.pptx‎

July Meeting

When: Wednesday July 11, 2012 from 11:30 AM – 1:00 PM

Topic: Reinventing Dynamic Testing: Real-Time Hybrid

Who: Adam Hils; Senior Product Manager HP Enterprise Security Products

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

June Meeting

When: Wednesday June 6, 2012 from 11:30 AM – 1:00 PM

Topic: Is There An End to Testing Ourselves Secure?

Who: Rohit Sethi; Vice President, Product Development, SD Elements

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

May Meeting

When: Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM

Topic: OWASP and PCI DSS Requirement 6.5

OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.

Who: Tony Gunn; Director of Security Operations for McAfee

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

March Meeting

When: March 7, 2012, 11:30am - 1:00pm

Topic: AAA for Hybrid Cloud Environment

During this session, presented by Symplified, we will explore four areas of interest.

Web, SaaS, Mobile Application Adoption Protecting sensitive data WAM for the Public Cloud Identity Sprawl

Who: Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.

Where: North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

February Meeting

When: February 1, 2012, 11:30am - 1:00pm

Topic: Web Application Vulnerability Testing with Nessus

Who: Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Where: SMU Caruth Hall Palmer Conference Center / 406 Caruth Hall 3145 Dyer Street Dallas, Texas 75205

Map (Caruth Hall is building 44 on the campus map link.)

January Meeting

When: January 11, 2012, 11:30am - 1:00pm

Topic: OWASP TOP 10

Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.

Who: Matt Parsons, VP Parsons Software Security Consulting

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: G Room: 405

Map


Presentation Archives

November 7, 2012

Title: Internet Security Threat Report

Speaker: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Slides: Media:Symantec_ISTR_17.pdf‎

February 1, 2012

Title: Web Application Vulnerability Testing with Nessus

Speaker: Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Slides: Media:Web Application Vul Testing with Nessus 2012.02.01.pdf‎
Media:OWASP Broken Web Applications 2012.02.01.pdf‎

January 11, 2012

Title: OWASP TOP 10

Speaker: Matt Parsons, VP Parsons Software Security Consulting

Slides: Media:OWASPtopTen.pdf‎