Difference between revisions of "Hartford"

m (November 17th 2009)
Line 8: Line 8:
  
 
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email [mailto:owasp@jamesmcgovern.com James McGovern] with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
 
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email [mailto:owasp@jamesmcgovern.com James McGovern] with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
 
== Tuesday, October 13th 2009 ==
 
<paypal>Hartford</paypal><br>
 
We are seeking a sponsor for Pizza for this event. This meeting will be held in Tower 22<br>
 
 
OPENING REMARKS: 5:00 - 5:15 PM<br>
 
James McGovern, [http://twitter.com/mcgoverntheory OWASP Hartford Chapter Leader]<br>
 
<br>
 
Cloud Security, a failure on day one! : 5:15 - 6:00 PM<br>
 
Gunnar Peterson, CTO [http://www.artecgroup.net/ Artec]<br>
 
<br>
 
FOOD BREAK: 6:00 - 6:15 PM<br>
 
<br>
 
The convergence of security and privacy: 6:15 - 7:00 PM<br>
 
Michael Waidner, CTO for Security and Distiguished Engineer [http://www.ibm.com/ IBM]<br>
 
<br>
 
'''Gunnar Peterson''' is a visiting scientist at Carnegie Mellon University’s Software Engineering Institute, and a project leader for several OWASP projects on Web Services Security.  He maintains an information security blog at http://1raindrop.typepad.com.
 
<br><br>
 
'''Michael Waidner''' is a Distinguished IBM Engineer with a impressive Security Background and History at IBM as a researcher. He currently leads a number of groups and is the Chairman of IBM's Security Architecture Board.  Under his leadership the team made numerous fundamental contributions to science and IBM's product and services portfolio, in areas such as cryptography, fault tolerance in distributed systems, federated identity management, enterprise privacy management, security governance and risk management. He is a member of the IBM Academy of Technology, a Fellow of the IEEE, and an ACM Distinguished Scientist.
 
  
 
== Tuesday, November 17th 2009 ==
 
== Tuesday, November 17th 2009 ==
Line 53: Line 34:
 
<br><br>
 
<br><br>
 
'''Phil Hunt''' in his day job work on identity management standards for Oracle. He is particularly interested in issues of identity privacy and governance.
 
'''Phil Hunt''' in his day job work on identity management standards for Oracle. He is particularly interested in issues of identity privacy and governance.
 +
 +
== Thursday, December 3rd 2009 ==
 +
<paypal>Hartford</paypal><br>
 +
We would like to thank IBM for sponsoring food and beverages for this event<br>
 +
 +
OPENING REMARKS: 5:00 - 5:15 PM<br>
 +
James McGovern, [http://twitter.com/mcgoverntheory OWASP Hartford Chapter Leader]<br>
 +
<br>
 +
Social Media, Privacy and Data Breaches : 5:15 - 6:00 PM<br>
 +
Ian Glazer, Distinguished Industry Analyst [http://www.burtongroup.com/ Burton Group]<br>
 +
<br>
 +
FOOD BREAK: 6:00 - 6:15 PM<br>
 +
<br>
 +
Social tools are destined for enterprise use. As a means of information sharing, to encourage employee innovation, and as part of strategic learning and talen initiatives, social tools are here to stay. But with these benefits comes risk as well. The abilities of social tools to disclose information is forcing industry to reconsider what constitutes a data breach. In this session you will learn:
 +
 +
*  How social media is a two-sided coin offering benefits and risks
 +
*  How corporate activity and location disclosures represent a risk to the enterprise
 +
*  What should be considered when examining both the personal and enterprise risks of social media
  
 
== Tuesday, February 16th 2010 ==
 
== Tuesday, February 16th 2010 ==
 
<paypal>Hartford</paypal><br>
 
<paypal>Hartford</paypal><br>
 +
We are seeking sponsorship for food and beverages for this event<br>
  
 
OPENING REMARKS: 5:00 - 5:15 PM<br>
 
OPENING REMARKS: 5:00 - 5:15 PM<br>
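Review bot: In the added December 3rd section, the session abstract ("Social tools are destined for enterprise use...") and its bullet list sit after the FOOD BREAK line instead of directly under the talk title and the Ian Glazer speaker line, so the abstract reads as if it describes the break; move it up under the speaker line. The same paragraph has "talen initiatives" for "talent initiatives" and "The abilities of social tools ... is forcing", which needs subject-verb agreement. The agenda also stops at the 6:15 food break with no following slot, unlike the other two-session meetings on this page; add the second entry or drop the break line if there is only one talk.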
Line 92: Line 92:
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''Agenda: Tuesday, October 13th 2009'''<br>
 +
The Convergence of Security and Privacy: Cloud Computing
 +
Michael Waidner, Distinguished IBM Engineer and Security CTO [http://www.ibm.com/ IBM]
  
 
'''Agenda: Monday, September 14th 2009'''<br>
 
'''Agenda: Monday, September 14th 2009'''<br>
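Review bot: The new Past Events entry for October 13th 2009 lists only Michael Waidner's talk, while the October 13th agenda shown in the first hunk had two sessions, Gunnar Peterson's "Cloud Security, a failure on day one!" and Waidner's "The convergence of security and privacy". Add the Peterson session to the entry, or record that it did not take place. The title line and the speaker line also lack the trailing line-break markup that the "Agenda:" line above them carries, so the two will render run together on one line.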

Revision as of 12:31, 6 November 2009

OWASP Hartford

Welcome to the Hartford chapter homepage. The chapter leader is James McGovern.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

funds to OWASP earmarked for Hartford.

Sponsors

We would like to thank Ounce Labs, Veracode, Oracle, CA, The Hartford and Microsoft for their generous sponsorship and helping make application security visible...

If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email James McGovern with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.

Tuesday, November 17th 2009

We would like to thank Sentrigo for sponsoring food and beverages for this event

OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader

Attack your database before others do : 5:15 - 6:00 PM
Todd Desantis, Lead Sales Engineer Sentrigo

In this presentation, we will show typical security flaws found in PL/SQL and Java code due to programmer mistakes. We will demonstrate how to use existing open-source scanning and fuzzing tools to automatically find and flag such flaws, and also demonstrate how creating your own tools in PL/SQL can help you keep your code secure.

You will learn:
1. Common security mistakes developers make
2. How to use open source tools to find those mistakes
3. How to roll out your own PL/SQL fuzzer


FOOD BREAK: 6:00 - 6:15 PM

Project Aristotle: 6:30 - 7:30 PM
Phil Hunt, Project Lead Oracle

Todd P. DeSantis brings a wealth of technical knowledge and a passion for using technology to better society to his position as lead North American Sales Engineer at Sentrigo. With a background in computer science from Worcester Polytechnic Institute, Todd has been using his understanding of computer programming and database systems throughout his career. At Sentrigo, Todd is striving to bring a higher level of database security and safety to the enterprise. Prior to Sentrigo, Todd successfully helped Fortune 50 companies rethink data access paradigms with Endeca Technologies. Todd started his career at Enerjy Technologies, where he helped organizations improve overall levels of Java code quality and visibility. In his spare time Todd, an avid audiophile, enjoys working toward creating the 'absolute sound' with hi-fi audio systems, and enjoys many different genres of music.

Phil Hunt, in his day job, works on identity management standards for Oracle. He is particularly interested in issues of identity privacy and governance.

Thursday, December 3rd 2009

We would like to thank IBM for sponsoring food and beverages for this event

OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader

Social Media, Privacy and Data Breaches : 5:15 - 6:00 PM
Ian Glazer, Distinguished Industry Analyst Burton Group

FOOD BREAK: 6:00 - 6:15 PM

Social tools are destined for enterprise use. As a means of information sharing, to encourage employee innovation, and as part of strategic learning and talent initiatives, social tools are here to stay. But with these benefits comes risk as well. The ability of social tools to disclose information is forcing industry to reconsider what constitutes a data breach. In this session you will learn:

*   How social media is a two-sided coin offering benefits and risks
*   How corporate activity and location disclosures represent a risk to the enterprise
*   What should be considered when examining both the personal and enterprise risks of social media

Tuesday, February 16th 2010

We are seeking sponsorship for food and beverages for this event

OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader

Data Environmentalism: Rethinking our Approach to Data : 5:15 - 6:00 PM
Trevor Hughes, CTO Artec

FOOD BREAK: 6:00 - 6:15 PM

J. Trevor Hughes is the Executive Director of the International Association of Privacy Professionals (IAPP). In this role, Hughes leads the world’s largest association of privacy professionals.

Thursday, July 22nd 2010

TBD

Call for Sponsors/Speakers

This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.

OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.

Some topics of interest for upcoming meetings include (but are not limited to):

  • Agile Software Development and Security
  • Breaking CAPTCHA
  • Hacking Cardspace and Identity 2.0
  • Breaking Commercial Software for Fun and Profit
  • Tactics for breaking software licensing schemes
  • Gaming, the next overlooked security hole
  • Hacking Mainframes/RACF
  • Database rootkits
  • PCI/DSS Compliance
  • Privacy considerations in software development

Past Events

Agenda: Tuesday, October 13th 2009
The Convergence of Security and Privacy: Cloud Computing
Michael Waidner, Distinguished IBM Engineer and Security CTO, IBM

Agenda: Monday, September 14th 2009
OWASP: Where we are and where are we going
Tom Brennan, OWASP Board Member, OWASP

WEB APPLICATION SECURITY ASSURANCE
Gregory Gotta, SVP Security, CA

Agenda: Wednesday, June 10th 2009
THE ANATOMY OF SECURITY DISASTERS
Marcus Ranum, CSO of Tenable Security
Powerpoint presentation is located here

Agenda: Tuesday, April 30th 2009
RECRUITING ELITE IT TALENT
Jordan Haberfield (Agile Elephant), SVP of System One

DETECTING BACKDOORS IN WEB APPLICATIONS
Chris Wysopal, CTO, Veracode

Agenda: Monday, April 13th 2009
AGILE SOFTWARE DEVELOPMENT AND SECURITY: 4:00 - 6:45 PM
Scott Ambler, Agile Practice Leader, IBM
Powerpoint presentation is located here

Agenda: Tuesday, February 10th 2009
OPEN SOURCE IDENTITY SERVICES (The Higgins Project)
Mary Ruddy, Meristic

ENABLING STRONGER/MULTI-FACTOR AUTHENTICATION FOR ENTERPRISE APPLICATIONS
Ramesh Nagappan, Security Architect at Sun Microsystems

STATE OF WEB APPLICATION SECURITY
Gunnar Peterson, CTO of Artec Group and Twin Cities OWASP

Agenda: Wednesday, November 11th 2008
LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM
Richard Eisenberg, Architect at Voltage Security

Agenda: Wednesday, September 24th 2008
TOP TEN BOGUS TECH QUOTES OF THE YEAR: 6:00 - 6:45 PM
Paul Roberts, Industry Analyst, The 451 Group
Powerpoint presentation is located here

MAKING APPLICATIONS SECURE BY REMOVING SECURITY: 6:45 - 7:30 PM
Andrew Stone, Senior Manager, Accenture
Powerpoint presentation is located here

Agenda: Wednesday, June 11th 2008
CARDSPACE AND USER CENTRIC IDENTITY
Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK
Prateek Mishra, Product Manager, Oracle
Powerpoint Presentation is here

Agenda: Wednesday, April 30th 2008
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES
Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE
Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY
Chenxi Wang, Principal Analyst, Forrester Research

EXPLOITING ONLINE GAMES
Gary McGraw, CTO, Cigital

Locations

All meetings are held at the headquarters of The Hartford Financial Services Group (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.
