Difference between revisions of "Dallas"

From OWASP
Jump to: navigation, search
m
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
{{Chapter Template|chaptername=Dallas|extra=The chapter leaders are
 
   
 
   
Chapter Lead- [mailto:mparsons@parsonsisconsulting. Matt Parsons]
+
Chapter Lead- [mailto:mparsons@parsonsisconsulting.com Matt Parsons]
  
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
 
Hospitality/Facilities Lead- [mailto:rikjones@dcccd.edu Rik Jones]
  
Membership Lead- [mailto:norm.smith75022@gmail.com Norm Smith]
+
Web Lead- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
  
Speakers Lead- [mailto:pperfetti@impactsecurityllc.com Peter Perfetti]
+
Board Member- [mailto:dsheridan@cigital.com Denis Sheridan]
  
Technology Lead- [mailto:mynoralva@gmail.com Mynor Alvarado]  
+
Board Member- [mailto:steve.horstman@gs.com Steve Horstman]
  
Web Lead- [mailto:jeromme.lawler@astechconsulting.com Jeromme Lawler]
 
  
Board Member- [mailto:tshelton@hawkdefense.com Tim Shelton]
 
  
 
<br>
 
<br>
Line 36: Line 34:
  
  
 
+
=== Announcements  ===
==== Announcements  ====
+
  
 
== September Meeting ==
 
== September Meeting ==
  
'''When:''' Wednesday September 11, 2013 from 11:30 AM 1:00 PM  
+
'''When:''' Thursday September 17th, 2015 from 5:30PM 6:30 PM
  
 +
'''Topic: ''' Application Security Trends
  
'''Topic: ''' PCI Mobile Payment Acceptance Security Guidelines for Developers
+
Securing web applications and their supporting services is a challenging task. According to the 2015 Verizon Data Breach Investigations Report (DBIR), the top three industries affected were the same as the previous years: Public, Information and Financial Services. City-data.com states, these are also major economic sectors in the Dallas area. The DBIR also concludes, in 60% of cases, attackers were able to compromise an organization within minutes. Ultimately, more can be done to safeguard applications.
  
The presentation will include a brief introduction to the PCI Mobile Payment Acceptance Security Guidelines documents. It then describes how Open Web Application Security Project (OWASP) guidance, especially that of the OWASP Mobile Security Project, was referenced in the PCI Mobile Payment Acceptance Security Guidelines for Developers document. Additionally, this discusses the state of national and international standards that may influence mobile security.
+
There are several techniques one can implement to protect applications that consume inbound data. Some defensive strategies have been around for some time, whereas others are emerging. This talk will take a look at current and emerging standards and trends that software development teams can use. Today, it is not always clear how a team should proceed to secure the code responsible for handling inbound data. You'll get a better idea of what works, what's promising and what's missing.
  
 +
'''Who:'''  Stephen Pasco is a Vice President of Application Risk at Goldman Sachs based in Irving where he is currently focused on vulnerability testing. Prior to joining Goldman Sachs Stephen was employed at Disney on the Security and Compliance Team where he performed security/application vulnerability assessments. He also architected and developed security tools, wrote policies, and managed software security fixes. One aspect of that job was to frequently visit Disneyland parks searching for WiFi vulnerabilities.
  
'''Who:''' Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council
+
'''Where:''' 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room.
  
Ralph has over 35 years of information security experience including over twenty years of applied cryptography.  He has written extensively on information security and cryptography; his work is cited in academic papers, national standards, professional journals, and books.  He came to PCI SSC from a small business that was a QSAC where he was a QSA.  In various capacities, he designed and lead teams of developers in cryptographic system projects resulting in patents of systems based on cryptography, e.g., Patent 6,202,933 "Transaction card and methods and apparatus therefor," issued on March 20, 2001, and Patent 20050114218 “Third party privacy system,” issued on May 26, 2005.  In support of classified government projects, assisted in the development of cryptanalytic tools.  Ralph has extensive experience in financial services industry, national and international standards development.
+
http://meetu.ps/2LJV7r
  
 +
 +
== October Meeting ==
 +
 +
'''When:''' Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM
 +
 +
'''Topic: ''' Anatomy of a Logic Flaw
 +
 +
Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevention. On the other hand, logic flaws are incredibly diverse and often unique to the specific application or business organization. Because of this, logic flaws have taken on a near mythical status. In the myth, logic flaws are nearly impossible to find until the elite of the elite hackers launch an attack to completely own the application.
 +
 +
The reality is far different; logic flaws are not the complex nightmare that many have made them out to be. This presentation will use real-world examples to show how logic flaws are typically introduced into an application, how they can be consistently detected during testing, and how they can be prevented during development. Instead of hoping for magic, repeatable processes will be outlined for each of those items. This will prove beneficial to anyone responsible for application security: programmers, architects, managers, and pen testers.
 +
 +
'''Who:'''  Charles Henderson is the Vice President of Managed Security Testing at Trustwave. He has been in the information security industry for over twenty years. Over that time, he and his teams have specialized in network penetration testing, application penetration testing, physical security testing, and incident response. His team's clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture. Henderson routinely speaks at various conferences (including Black Hat, DEF CON, RSA, SOURCE, OWASP AppSec USA and Europe, FROC, and Merchant Risk Council) around the world on various subject matters relating to security testing and incident response.
 +
 +
'''Where:''' North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215
 +
 +
[http://www.northlakecollege.edu/pages/central-campus.aspx Map]
 +
 +
 +
=== Previous Meetings  ===
 +
 +
 +
== May Meeting ==
 +
 +
'''When:''' Wednesday May 6, 2015 from 11:30 AM – 1:00 PM
 +
 +
'''Topic: ''' The Future of Mobile Payments: Secure Mobile Architecture
 +
 +
'''Who:'''  Denis M. Sheridan is a Managing Consultant at Cigital. 
 +
 +
'''Where:''' North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215
 +
 +
== October Meeting ==
 +
'''When:''' Wednesday October 1, 2014 from 11:30 AM – 1:00 PM
 +
 +
'''Topic: '''Succeeding with Enterprise Software Security Key Performance Indicators
 +
 +
'''Who:''' Rafal Los, Director, Office of the CISO
  
 
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117  
 
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117  
  
 +
== March Meeting ==
 +
'''When:''' Wednesday March 5, 2014 from 11:30 AM – 1:00 PM
  
[http://www.richlandcollege.edu/map/ Map]
+
'''Topic: ''' OWASP Dallas basic Python tutorial
 +
 
 +
'''Who:''' Matt Parsons, CISSP MSM
 +
 
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
 +
 
 +
== September Meeting ==
 +
'''When:''' Wednesday September 11, 2013 from 11:30 AM – 1:00 PM
 +
 
 +
'''Topic: ''' PCI Mobile Payment Acceptance Security Guidelines for Developers
 +
 
 +
'''Who:''' Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council
 +
 
 +
'''Where:''' Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117
  
 +
'''Slides''': [[Media:Dallas OWASP 9-11-2013.pdf]]
  
 
== May Meeting ==
 
== May Meeting ==

Latest revision as of 10:06, 25 August 2015

OWASP Dallas

Welcome to the Dallas chapter homepage. The chapter leaders are

Chapter Lead- Matt Parsons

Hospitality/Facilities Lead- Rik Jones

Web Lead- Jeromme Lawler

Board Member- Denis Sheridan

Board Member- Steve Horstman




Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

THANKS TO OUR SPONSORS: The Dallas Chapter of OWASP would like to thank Richland College for hosting our meetings.

Get Connected and Stay Connected

In addition to our Mailing List we also have a Dallas OWASP Twitter Feed a Dallas OWASP Facebook Page and a Dallas OWASP Linkedin Group. We invite you to join or follow whichever groups suit you, get involved with your fellow Dallas OWASP Chapter members, and we'll keep them all up to date with the latest official news and announcements from the chapter leadership.

Click any of the links below to visit the corresponding Dallas OWASP social networking groups:

Join the list.png Follow-us-on-twitter.png Join-us-on-Facebook.jpg Linkedin-button.gif


Announcements

September Meeting

When: Thursday September 17th, 2015 from 5:30PM – 6:30 PM

Topic: Application Security Trends

Securing web applications and their supporting services is a challenging task. According to the 2015 Verizon Data Breach Investigations Report (DBIR), the top three industries affected were the same as the previous years: Public, Information and Financial Services. City-data.com states, these are also major economic sectors in the Dallas area. The DBIR also concludes, in 60% of cases, attackers were able to compromise an organization within minutes. Ultimately, more can be done to safeguard applications.

There are several techniques one can implement to protect applications that consume inbound data. Some defensive strategies have been around for some time, whereas others are emerging. This talk will take a look at current and emerging standards and trends that software development teams can use. Today, it is not always clear how a team should proceed to secure the code responsible for handling inbound data. You'll get a better idea of what works, what's promising and what's missing.

Who: Stephen Pasco is a Vice President of Application Risk at Goldman Sachs based in Irving where he is currently focused on vulnerability testing. Prior to joining Goldman Sachs Stephen was employed at Disney on the Security and Compliance Team where he performed security/application vulnerability assessments. He also architected and developed security tools, wrote policies, and managed software security fixes. One aspect of that job was to frequently visit Disneyland parks searching for WiFi vulnerabilities.

Where: 6011 Connection Drive, Irving, TX 75039. Volunteers will be onsite to escort you from the lobby to the meeting room.

http://meetu.ps/2LJV7r


October Meeting

When: Wednesday October 7th, 2015 from 11:30 AM – 1:00 PM

Topic: Anatomy of a Logic Flaw

Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevention. On the other hand, logic flaws are incredibly diverse and often unique to the specific application or business organization. Because of this, logic flaws have taken on a near mythical status. In the myth, logic flaws are nearly impossible to find until the elite of the elite hackers launch an attack to completely own the application.

The reality is far different; logic flaws are not the complex nightmare that many have made them out to be. This presentation will use real-world examples to show how logic flaws are typically introduced into an application, how they can be consistently detected during testing, and how they can be prevented during development. Instead of hoping for magic, repeatable processes will be outlined for each of those items. This will prove beneficial to anyone responsible for application security: programmers, architects, managers, and pen testers.

Who: Charles Henderson is the Vice President of Managed Security Testing at Trustwave. He has been in the information security industry for over twenty years. Over that time, he and his teams have specialized in network penetration testing, application penetration testing, physical security testing, and incident response. His team's clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture. Henderson routinely speaks at various conferences (including Black Hat, DEF CON, RSA, SOURCE, OWASP AppSec USA and Europe, FROC, and Merchant Risk Council) around the world on various subject matters relating to security testing and incident response.

Where: North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215

Map


Previous Meetings

May Meeting

When: Wednesday May 6, 2015 from 11:30 AM – 1:00 PM

Topic: The Future of Mobile Payments: Secure Mobile Architecture

Who: Denis M. Sheridan is a Managing Consultant at Cigital.

Where: North Lake College Central Campus, 5001 North MacArthur Boulevard, Irving, Texas 75038, Room: A-215

October Meeting

When: Wednesday October 1, 2014 from 11:30 AM – 1:00 PM

Topic: Succeeding with Enterprise Software Security Key Performance Indicators

Who: Rafal Los, Director, Office of the CISO

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

March Meeting

When: Wednesday March 5, 2014 from 11:30 AM – 1:00 PM

Topic: OWASP Dallas basic Python tutorial

Who: Matt Parsons, CISSP MSM

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

September Meeting

When: Wednesday September 11, 2013 from 11:30 AM – 1:00 PM

Topic: PCI Mobile Payment Acceptance Security Guidelines for Developers

Who: Ralph Spencer Poore, Director, Emerging Standards at PCI Security Standards Council

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Slides: Media:Dallas OWASP 9-11-2013.pdf

May Meeting

When: Wednesday May 8, 2013 from 11:30 AM – 1:00 PM

Topic: Implementation Patterns for Software Security Programs

Who: Dan Cornell, Principal, Denim Group

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map

February Meeting

When: Wednesday February 6, 2013 from 11:30 AM – 1:00 PM

Topic: Using Webappsec Vulns to Break Censorship

Who: Robert Hansen, a.k.a. rsnake

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH117

Map

November Meeting

When: Wednesday November 7, 2012 from 11:30 AM – 1:00 PM

Topic: Flame, Stuxnet, One to be Named and the Elderwood Project - Today’s Threat Landscape

Who: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

October Meeting

When: Wednesday October 3, 2012 from 11:30 AM – 1:00 PM

Topic: Exploitation Techniques and Mitigation

Who: James McFadyen, Information Security Engineer and Director of Customer Support at HAWK Network Defense, Inc

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

September Meeting

When: Wednesday September 12, 2012 from 11:30 AM – 1:00 PM

Topic: The Importance of Application Security.

Who: Peter Perfetti; Director, Security Services & Operations IMPACT Security, LLC

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

August Meeting

When: Wednesday August 1, 2012 from 11:30 AM – 1:00 PM

Topic: Malicious Math: Recent Real-World Cryptographical and Computational Threats on the Web.

Who: Derek Soeder, founder, Ridgeway Internet Security

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

Slides: Media:Malicious Math - Final.pptx‎

July Meeting

When: Wednesday July 11, 2012 from 11:30 AM – 1:00 PM

Topic: Reinventing Dynamic Testing: Real-Time Hybrid

Who: Adam Hils; Senior Product Manager HP Enterprise Security Products

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

June Meeting

When: Wednesday June 6, 2012 from 11:30 AM – 1:00 PM

Topic: Is There An End to Testing Ourselves Secure?

Who: Rohit Sethi; Vice President, Product Development, SD Elements

Where: Richland College, 12800 Abrams Road, Dallas, TX 75243, Room: Sabine Hall: SH118

Map

May Meeting

When: Wednesday, May 2, 2012 from 11:30 AM to 1:00 PM

Topic: OWASP and PCI DSS Requirement 6.5

OWASP and PCI DSS Requirement 6.5. Keeping current with the OWASP top 10 and how it impacts companies PCI compliance and training. Tony will discuss how McAfee complies to the requirement and how McAfee must make changes to match the current top 10 as well has making sure that developers keep up to date on training.

Who: Tony Gunn; Director of Security Operations for McAfee

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

March Meeting

When: March 7, 2012, 11:30am - 1:00pm

Topic: AAA for Hybrid Cloud Environment

During this session, presented by Symplified, we will explore four areas of interest.

Web, SaaS, Mobile Application Adoption Protecting sensitive data WAM for the Public Cloud Identity Sprawl

Who: Cullen Landrum, CISSP is a Senior Systems Engineer at Symplified.

Where: North Lake College (Central Campus), 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: A Room: 206

Map

February Meeting

When: February 1, 2012, 11:30am - 1:00pm

Topic: Web Application Vulnerability Testing with Nessus

Who: Rik A. Jones is a Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Where: SMU Caruth Hall Palmer Conference Center / 406 Caruth Hall 3145 Dyer Street Dallas, Texas 75205

Map (Caruth Hall is building 44 on the campus map link.)

January Meeting

When: January 11, 2012, 11:30am - 1:00pm

Topic: OWASP TOP 10

Power point demonstration of OWASP Top Ten Web Application Security Vulnerabilities with actual hacking examples. This presentation will cover such vulnerabilities as SQL injection, XSS and CSRF. Discussion, hands on exercise and question and answer session.

Who: Matt Parsons, VP Parsons Software Security Consulting

Where: North Lake College (Central Campus) 5001 N. MacArthur Blvd. Irving, TX 75038 Phone: 972-273-3000 Building: G Room: 405

Map


Presentation Archives

November 7, 2012

Title: Internet Security Threat Report

Speaker: John R. Hill, CISSP, Principal Security Strategist Security Business Practice Symantec

Slides: Media:Symantec_ISTR_17.pdf‎

February 1, 2012

Title: Web Application Vulnerability Testing with Nessus

Speaker: Rik A. Jones, Senior Information Security Analyst for the Dallas County Community College District (DCCCD)

Slides: Media:Web Application Vul Testing with Nessus 2012.02.01.pdf‎
Media:OWASP Broken Web Applications 2012.02.01.pdf‎

January 11, 2012

Title: OWASP TOP 10

Speaker: Matt Parsons, VP Parsons Software Security Consulting

Slides: Media:OWASPtopTen.pdf‎