OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email James McGovern with your proposal. Independent of any financial considerations, sponsorship priority is driven by those who drive participation in OWASP to their employees and customers.
April 30th 2009
Food and Beverages for this event are sponsored by: Veracode
OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader
RECRUITING ELITE IT TALENT: 5:15 - 6:00 PM
Jordan Haberfield (Agile Elephant), SVP of System One
FOOD BREAK: 6:00 - 6:15 PM
DETECTING BACKDOORS IN WEB APPLICATIONS: 6:15 - 7:00 PM
Chris Wysopal CTO, Veracode
System One provides technical outsourcing solutions to clients in the energy, engineering, information technology and scientific sectors. Combining national recruiting capabilities and local market expertise, we are the go-to, single source firm for clients looking to attract, select and retain a quality workforce.
System One advises clients on recruiting strategy and organizational effectiveness. We also help skilled professionals advance their careers. The result — carefully-matched hires, well-executed projects, and effective resource management.
Chris Wysopal, Veracode’s CTO, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software.
Jun 10th 2009
We are seeking a sponsor for food and beverages. Alternatively donations are appreciated.
OPENING REMARKS: 5:00 - 5:15 PM
James McGovern, OWASP Hartford Chapter Leader
BEST PRACTICES FOR NETWORK SECURITY: IF YOU ONLY KNEW WHAT HACKERS CAN DO! : 5:15 - 6:00 PM
Kent Browne, Security Solutions Architect for IBM
FOOD BREAK: 6:00 - 6:15 PM
THE ANATOMY OF SECURITY DISASTERS: 6:15 - 7:00 PM
Marcus Ranum CTO, Tenable Security
Noted participant in the security arena for over 20 years, Kent is widely recognized as an authority on security issues with unique perspectives on such topics as "the need for policies and procedures", "honeypots on the net", "protecting your children", "hacktivism", "hackers and ethics", and many others. Featured guest on Television (BBC, RAI, ABC News, Silicon Spin, etc.), Radio and in magazines (Computer World, Business News, New York Times etc.) Kent is currently Security Solutions Architect for IBM.
Marcus J. Ranum, Chief Security Officer of Tenable Security, Inc., is a world-renowned expert on security system design and implementation. Since the late 1980's, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences.
OWASP AppSec Executive Summit (October 2009)
Please visit our sponsors session, if you are interested in having a booth at this event
FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 1:00 - 1:45 PM
Mary Ann Davidson, CISO of Oracle
OFFSHORING APPLICATION DEVELOPMENT: SECURITY IS STILL YOUR PROBLEM: 1:45 - 2:30 PM
Rohyt Belani, Intrepridus Group
The STATE OF SOFTWARE DEVELOPMENT: 2:45 - 3:30 PM
Grady Booch, Fellow at IBM
INTO THE BREACH: A WAKEUP CALL FOR CORPORATE AMERICA: 3:30 - 4:15 PM
Michael Santarcangelo, Chief Security Catalyst at Security Catalyst
MARY ANN DAVIDSON
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle product security, as well as security evaluations, assessments and incident handling. She represents Oracle on the Board of Directors of the Information Technology Information Security Analysis Center (IT-ISAC)
Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group. Prior to founding the Intrepidus Group, Rohyt started and ran Mandiant’s New York City operations. During the last 7 years, he has worked at premier information security organizations like Foundstone and the US-CERT. Rohyt is a regular speaker at various industry conferences, including Black Hat, OWASP, Hack-In-The-Box, InfoSec World, and several forums catering to the FBI and US Secret Service agents. He currently teaches a class at Carnegie Mellon University, and has been invited to guest lecture at the University of Wisconsin on the topic of information security.
Grady Booch is recognized internationally for his innovative work on software architecture, modeling, and software engineering process. His work has improved the effectiveness of software developers worldwide. He has been with Rational Software Corporation as Chief Scientist since its founding in 1980. Grady is one of the original developers of the Unified Modeling Language (UML) and was also one of the original developers of several of Rational's products including Rational Rose. Grady has served as architect and architectural mentor for numerous complex software systems around the world.
Michael Santarcangelo is a human catalyst*. An expert who speaks on information protection – including compliance, privacy and awareness – Michael energizes and inspires his audiences to change the way they protect information.
Michael is known for delivering simple and effective strategies that get results. He connects with audiences in a way that makes security relevant, easy to understand and achievable! With wit and clarity, he freely shares unique insights, innovative approaches and effective solutions that are informed by both experience and research.
UPCOMING 2009 EVENTS
June 2009 Kent Browne of IBM Gerald Beuchelt of Sun
FRAMEWORK-LEVEL THREAT ANALYSIS: ADDING SCIENCE TO THE ART OF SOURCE CODE REVIEW: 3:30 - 4:15 PM
Rohit Sethi, Security Compass
Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). Mr. Sethi is a frequent guest speaker and instructor at several conferences, including RSA, Shmoocon, and CSI. He has written articles for Security Focus and the Web Application Security Consortium (WASC), and has been quoted as an expert in application security for ITWorldCanada and Computer World.
At Security Compass, Rohit teaches students various topics on web application security in cities across North America. He has also managed and performed extensive threat analysis, source code reviews, and penetration testing for clients in financial services, utilities, telecommunications and healthcare.
He is often consulted for his dual expertise in information security and software engineering.
WEB CONFERENCING INFORMATION
We are pleased to present all OWASP meetings via conference call. To listen, the dialin number is 1-218-936-4700 (Passcode 606183). The conference line has a limited number of caller slots, so please be considerate of others and share whenever possible.
Call for Speakers
This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.
OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.
Some topics of interest for upcoming meetings include (but are not limited to):
- Breaking CAPTCHA
- Hacking Cardspace and Identity 2.0
- Breaking Commercial Software for Fun and Profit
- Tactics for breaking software licensing schemes
- Gaming, the next overlooked security hole
- Hacking Mainframes
- Database rootkits
Agenda: Tuesday, February 10th 2009
OPEN SOURCE IDENTITY SERVICES (The Higgins Project) Mary Ruddy, Meristic
ENABLING STRONGER/MULTI-FACTOR AUTHENTICATION FOR ENTERPRISE APPLICATIONS Ramesh Nagappan, Security Architect at Sun Microsystems
STATE OF WEB APPLICATION SECURITY
Gunnar Peterson, CTO of Artec Group and Twin Cities OWASP
Agenda: Wednesday, November 11th 2008
LIGHTWEIGHT SECURITY USING IDENTITY-BASED ENCRYPTION: 6:00 - 7:00 PM
Richard Eisenberg, Architect at Voltage Security
Agenda: Wednesday, September 24th 2008
Agenda: Wednesday, June 11th 2008
CARDSPACE AND USER CENTRIC IDENTITY Chris Winn, Security Evangelist, Microsoft
Agenda: Wednesday, April 30th 2008
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES Anton Chuvakin, Chief Logging Evangelist, LogLogic
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE Jack Danahy, CTO and Founder, Ounce Labs
Agenda: Thursday, February 28th 2008
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY Chenxi Wang, Principal Analyst, Forrester Research
EXPLOITING ONLINE GAMES Gary McGraw, CTO, Cigital
All meetings are held at the headquarters of The Hartford Financial Services Group (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.