Difference between revisions of "Houston"

From OWASP
 
(53 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Houston|extra=The chapter Leaders are; [mailto:patrick.snyder@owasp.org Patrick Snyder], [mailto:paul.scott@owasp.org Paul Scott], Tyler Borland|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-houston|emailarchives=http://lists.owasp.org/pipermail/owasp-houston}}
+
{{Chapter Template|chaptername=Houston|extra=The chapter Leaders are; [mailto:joseph.konieczka@owasp.org Joseph Konieczka], [mailto:landon.mayo@owasp.org Landon Mayo], [mailto:patrick.snyder@owasp.org Patrick Snyder], [mailto:paul.scott@owasp.org Paul Scott], [mailto:t.borland@owasp.org Tyler Borland], [mailto:tom.cline@owasp.org Tom Cline], [mailto:johnathan.kuskos@owasp.org Johnathan Kuskos]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-houston|emailarchives=http://lists.owasp.org/pipermail/owasp-houston}}
  
 
=Upcoming Events=
 
=Upcoming Events=
<br>
 
  
=====Quick Links=====
+
'''OWASP Houston April Chapter Meeting'''
[http://www.meetup.com/OWASP-Houston/events/128410642/ OWASP Houston August Mini-Con]<br>
+
 
[http://www.meetup.com/OWASP-Houston/events/128411262/ OWASP Houston September Happy Hour]<br>
+
Wed, April 25, 2018 6:30 PM – 8:30 PM
[http://www.meetup.com/OWASP-Houston/events/128411572/ OWASP Houston October Workshop]<br>
+
 
[http://www.meetup.com/OWASP-Houston/events/128412212/ OWASP Houston November Mini-Con]<br>
+
We're once again partnering with the Houston Java Users Group (HJUG) on a topic of interest to both developers and security professionals.
[http://www.meetup.com/OWASP-Houston/ OWASP Houston Chapter (Houston, TX) - Meetup]<br>
+
 
[https://twitter.com/owasphouston/ OWASP Houston (owasphouston) on Twitter]<br>
+
The meeting will be held at PROS and there is plenty of room for everyone there.
=====Upcoming Events=====
+
 
We post new event details to keep you informed.  Our events are open to everyone.
+
Please use this eventbrite link to sign up
<br>
+
 
Formal events such as conferences are limited and require RSVP. Expect quarterly 2013 Mini-Cons in February, May, August, and November. Quarterly Mini-Cons are formal with a minimum of 2 speaking engagements by highly regarded individuals.
+
https://www.eventbrite.com/e/a-phased-approach-to-building-security-automation-into-your-cicd-tickets-44982159851?aff=owasp
<br>
+
 
The Monthly Meetings are less formal and focus on networking, mingling, ideas, and enjoying the overall atmosphere.  Food, refreshments, and beverages are provided.
+
Meeting Location:
<br>
+
 
Additionally, Monthly Meetings will have a short 15-20 minute agenda involving a speech, panel, or workshop. There is always the ever popular lock picking station at each event as well.
+
PROS
<br>
+
 
 +
3100 Main
 +
 
 +
2nd floor, Room B
  
<br>
+
Houston, TX 77002
<br>
 
  
=====OWASP Houston August Mini-Con=====
+
Presentation Title: '''A phased approach to building security automation into your CI/CD'''
=====Thursday, August 15 at 6:00 PM=====
 
<br>
 
You Hear Me Now? Leveraging Mobile Devices on Pentests
 
<br>
 
Sheraton Suites Houston Galleria
 
2400 West Loop S, Houston, TX
 
<br>
 
[http://www.meetup.com/OWASP-Houston/events/128410642/ Details]
 
<br>
 
<br>
 
=====OWASP Houston September Happy Hour=====
 
=====Thursday, September 19 at 6:00 PM=====
 
<br>
 
Please join us at Stag's Head pub on September 19th at 6PM for an OWASP Houston Happy Hour. Drinks are on us while the budget lasts. This will be the last Happy Hour meeting of the year.
 
<br>
 
[http://www.meetup.com/OWASP-Houston/events/128411262 Details]
 
<br>
 
<br>
 
  
=====OWASP Houston October Workshop=====
+
Abstract:
=====Thursday, October 17, 2013=====
 
<br>
 
1706 Yorktown St, Houston, TX
 
Please join us for another OWASP Houston workshop. This will be a hands on exercise in security topics.
 
<br>
 
[http://www.meetup.com/OWASP-Houston/events/128411572/ Details]
 
<br>
 
<br>
 
<br>
 
=====OWASP Houston November Mini-Con=====
 
=====Friday, November 15, 2013=====
 
<br>
 
Sheraton Suites Houston Galleria
 
2400 West Loop S, Houston, TX
 
<br>
 
More details will be added. This will be the last meeting of the 2013 year for OWASP Houston. We will not be meeting in December.
 
<br>
 
[http://www.meetup.com/OWASP-Houston/events/128412212/ Details]
 
<br>
 
<br>
 
  
 +
So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues, shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.
  
=Sponsors=
+
Speaker: '''Mahesh Babu, Head of Product Strategy, Contrast Security'''
'''[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]'''
 
<br>
 
<br>
 
'''[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]'''
 
<br>
 
<br>
 
'''[https://www.solidborder.com Solid Border | Network Security Reseller]'''
 
<br>
 
<br>
 
'''[https://barracuda.com Barracuda Networks]'''
 
<br>
 
<br>
 
'''[http://www.stachliu.com/ Stach & Liu]'''
 
<br>
 
<br>
 
'''[https://netflix.com Netflix - Watch TV Shows Online, Watch Movies Online]'''
 
<br>
 
<br>
 
'''[https://secureideas.com/ Secure Ideas -- Professionally Evil]'''
 
<br>
 
<br>
 
<br>
 
<br>
 
  
 +
Speaker Bio:
  
 +
Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.
  
=RSVP=
+
About our venue sponsor:
===RSVP===
 
<hr>
 
Please RSVP @ [http://www.meetup.com/owasp-houston meetup.com OWASP OWASP Houston Chapter] to ensure best accommodations.
 
  
 +
PROS Holdings, Inc. (NYSE: PRO) helps companies around the globe realize their revenue profit potential. PROS is the only company with a solution portfolio that improves top- and bottom-line financial results simultaneously. As the largest publicly traded software company in Houston, PROS is proud of our world-class R&D team that’s more than 300 team members strong. Our company culture values ownership, innovation and a relentless commitment to “We Care.” Ask anyone about the best part of working at PROS, and the answer will be “our people.” PROS employees are the most caring, committed, knowledgeable and talented technology professionals around. We wouldn’t have it any other way.
  
 +
Java is the backbone of all our products. We’re continually looking for ways to remain on the cutting edge of technology, and we’re proud to be supporters and sponsors of Houston’s growing developer community. To find out more about what PROS is all about, please visit our website at www.pros.com.
  
 
=Past Events=
 
=Past Events=
=====OWASP Houston February Mini-Con=====
 
=====Thursday, February 21, 2013 at 6PM CST=====
 
<br>
 
Please join us for our May Mini-Con, 6PM May 16th, at the Sheraton Suites, 2400 W. Loop South, Houston, Texas 77027. We're trying a new location this time. This is a free event, but space is limited. We will be providing food and beverage. Please register for a ticket to confirm your space at the event. If tickets are unavailable, we will have some standing room.
 
<br>
 
We are pleased to annnounce the speakers and topics of the evening...
 
<br>
 
Catching Flies with Mr Miyagi: Web Application Testing Techniques by Kevin Johnson
 
<br>
 
In this talk based loosely around the Karate kid movies, Kevin John (CEO of Secure Ideas) will walk through some techniques to improve your web penetration testing techniques.  Stop being the kid moved from NJ and dropped into a cruddy apartment.  Learn the wax on/off of testing modern web applications.
 
<br>
 
Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes- SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has presented at a large number of conventions, meetings, and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.
 
<br>
 
WTF, WAF Testing Framework by Terry Ray
 
<br>
 
Terry Ray will be presenting an approach to evaluating web application firewall capabilities that is suitable to the real world use case. The methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. He will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.
 
<br>
 
When and Where?
 
<br>
 
Thursday, May 16th from 6PM-9PM
 
<br>
 
Sheraton Suites
 
<br>
 
2400 W. Loop South
 
<br>
 
Houston, Texas 77027
 
<br>
 
For Directions: (713) 586-2444
 
<br>
 
Seating is limited, so please read these directions carefully:
 
RSVP'ing on meetup.com will not guarantee entry to the event.  This is a limited capacity event.  If you would like to guarantee the availability of a seat please reserve a ticket with Eventbrite @ [https://owasp-houston-may-mini-con.eventbrite.com Reserve a Ticket]
 
<br>
 
<br>
 
  
=====OWASP Houston March Happy Hour=====
+
'''OWASP Houston February Chapter Meeting'''
=====Thursday, March 14, 2013 at 6PM CST=====
+
 
Sponsors:<br>
+
Wed, February 28, 2018
[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]<br>
+
 
[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]<br>
+
6:30 PM – 8:30 PM
<br>
+
 
Please join us for an OWASP Houston March Happy Hour.
+
We're once again partnering with the Houston Java Users Group (HJUG) for their annual application security meeting. The meeting will be held at PROS and there is plenty of room for everyone there.
<br>
+
 
More details coming soon.
+
Please use this eventbrite link to sign up. <nowiki>https://hjug02282018.eventbrite.com/?aff=owasp</nowiki>
<br>
+
 
'''When:''' Thursday, March 14, 2013 at 6PM CST
+
Title: App Security Really Will Make You Money!
<br>
+
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
+
Description:
<br>
+
 
'''Phone:''' (713) 533-1199
+
When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.
<br>
+
 
<br>
+
Meeting Location: PROS
<br>
+
 
 +
3100 Main
 +
 
 +
2nd floor
 +
 
 +
Room B
 +
 
 +
Houston, TX 77002
 +
 
 +
Meeting Sponsor: Checkmarx, Inc
 +
 
 +
Checkmarx, founded in 2006, is a leader in application security solutions, having developed the first platform for true Source Code Analysis (SCA) with its marquee solution: Static Application SecurityTesting (SAST). Our mission is in enabling organizations to secure applications from the start, reducing risk and cost along the way.
 +
 
 +
Our platforms offer maximum application security for software developers and security experts throughout the Software Development Life Cycle (SDLC), in both Enterprise and Cloud platform models. Developers advocate for Checkmarx because we enable agile/continuous integration, are easy to use and help them achieve a secure SDLC posture. Security likes us because developers love us…and we also map to the latest security frameworks and compliance mandates.
 +
 
 +
For more information about Checkmarx, visit <nowiki>http://www.checkmarx.com</nowiki> or follow us on twitter: @checkmarx
 +
 
 +
About our venue sponsor:
 +
 
 +
PROS Holdings, Inc. (NYSE: PRO) helps companies around the globe realize their revenue profit potential. PROS is the only company with a solution portfolio that improves top- and bottom-line financial results simultaneously.
 +
 
 +
As the largest publicly traded software company in Houston, PROS is proud of our world-class R&D team that’s more than 300 team members strong. Our company culture values ownership, innovation and a relentless commitment to “We Care.” Ask anyone about the best part of working at PROS, and the answer will be “our people.” PROS employees are the most caring, committed, knowledgeable and talented technology professionals around. We wouldn’t have it any other way.
 +
 
 +
Java is the backbone of all our products. We’re continually looking for ways to remain on the cutting edge of technology, and we’re proud to be supporters and sponsors of Houston’s growing developer community.
 +
 
 +
To find out more about what PROS is all about, please visit our website at www.pros.com.
 +
 
 +
'''OWASP Houston November Chapter Meeting'''
 +
 
 +
Tuesday November 20, 2017
 +
 
 +
Title: Lessons from the Underground:  Identity Theft and Financial Fraud
 +
 
 +
Please join us for another OWASP Houston workshop.
 +
 
 +
Landon Mayo will be leading a lesson on the world of the dark web. He has spent two years researching tactics used to conduct credit card fraud and identity theft.
 +
 
 +
This lesson is designed to educate you on ways to spot the early signs of potential identity theft and financial fraud.  
 +
 
 +
Landon has been in the trenches researching the tactics used by criminals and criminal organizations.
 +
 
 +
'''OWASP Houston July Chapter Meeting'''
 +
 
 +
Tuesday July 18, 2017 at 6:30PM
 +
 
 +
Title: Making Vulnerability Management Less Painful with OWASP DefectDojo
 +
 
 +
DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.
 +
 
 +
Speaker:
 +
 
 +
Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: <nowiki>https://www.owasp.org/index.php/User:Devgreg</nowiki>
 +
 
 +
=====Tuesday May 23, 2017 at 6:00PM=====
 +
Discussion about OWASP Projects and events 
 +
 
 +
'''OWASP Houston Chapter assisted San Jacinto College Advisory Boards'''
 +
 
 +
March 30 and 31, 2017
 +
 
 +
We had some members of the chapter provide extremely valuable feedback to enhance the college's programs. Thank you to everyone that helped with this effort. We will have more opportunities to be involved with the college.
 +
 
 +
=====OWASP Houston February Chapter Meeting=====
 +
Wednesday February 22, 2017 at 6:00PM
 +
 
 +
Title: Effective Application Security Testing at High Velocity: Keeping up with Agile and DevOps
 +
Speaker: James "Jimmy" Rabon
 +
James Rabon shared lessons learned by working with some of the most advanced and innovative application security customers / programs. Learn how static and dynamic analysis of applications can be made efficient and effective in some of the most dynamic development organizations. See how app sec leaders integrate application security throughout their software development lifecycle and include it in the DevOps tool chain of automation to move security testing at high velocity. Automation is your friend and we will examine where modern security tools are being included in the “treat infrastructure as code” mantra. We’ll also take a look beyond security tools and automation to the people and processes that effective application security programs use to run at high speed. A brief demo will follow for those interested.
 +
 
 +
Speaker Bio:
 +
 
 +
Jimmy Rabon began his career as a software developer for the Computer Sciences Corp before deciding to specialize in application security over seven years ago with Fortify.
 +
He began his career in application security by serving as an on-site subject matter expert for software security and has performed countless security audits of applications (both static and dynamic testing reviews) for several large commercial and government entities. He has enabled organizations that utilized his or his team’s services, to find and fix exploitable vulnerabilities in critical systems.
 +
 
 +
Having worked as a software engineer for many years prior to specializing in application security, he understands the unique challenges that developers face when attempting to deliver secure code and can help deliver effective technology and processes to enable information assurance and development teams to work together to make software as secure as possible.
 +
 
 +
He leads a team of highly skilled application security consultants as the head of HPE Fortify professional services responsible for designing effective software assurance
 +
solutions in the Americas.
 +
 
 +
He is currently a Senior Product Manager with Fortify with a passion for building security products that solve real world problems in the most effective and efficient way possible.
 +
 
 +
 
 +
'''OWASP Houston October Chapter Meeting'''
 +
 
 +
Monday October 17, 2016 at 6:30PM
 +
 
 +
Title: Murder Mystery – Who is Killing your Information Security Program
 +
 
 +
Speaker: Gordon MacKay
 +
 
 +
Presentation Abstract:
 +
 
 +
Integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program.  This session shares clues on this challenge, step by step, in the form of a murder mystery game, and ultimately reveals the culprit as well as strategies to overcome it.  Come participate, play, and interact! Try to guess “who-dunnit,” and learn how to avoid future similar InfoSec crimes.
 +
 
 +
Speaker Bio
 +
 
 +
Gordon MacKay, CISSP and Software/Systems Guru with a dash of security hacking,serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology. MacKay has presented at numerous security related conferences, including Bsides Austin 2016, BSides San Antonio 2016, BSides Dallas 2015, RSA 2013, ISC2 San Antonio, ISSA Houston, ISACA San Antonio, and has been featured by top media outlets such as CIO Review, FOX Business, Fox News, Softpedia, IT World Canada and others. He holds a Bachelor's in Computer Engineering from McGill University. He is a Distinguished Ponemon Institute Fellow.
 +
 
 +
 
 +
=====OWASP Houston September Chapter Meeting=====
 +
Monday September 19, 2016 at 6:30PM
 +
 
 +
Title:  Web App Testing Stats Compared to The OWASP Top 10
 +
 
 +
Description:
 +
For over seven years, Cigital has performed high volumes of application security assessments through the Cigital Assessment Center (CAC). Over that time the CAC has accumulated a large amount of data that provides helpful insights into software security practices. We’ll present the most common web application security vulnerabilities identified over one year by the CAC, contrasting our findings with one of the industry’s leading benchmarks, the OWASP Top 10.
 +
 
 +
Bio:
 +
Joel Scambray is a Principal at Cigital, a leading software security consulting firm established in 1992. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, business leader, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Amazon, Costco, Softcard, and Ernst & Young.
 +
 
 +
 
 +
=====OWASP Houston August Chapter Meeting=====
 +
Monday August 22, 2016 at 6:30PM
 +
 
 +
August speaker and topic - Roger Huebner, Corporate Architect/Distinguished Engineer at NetIQ, will be speaking on Docker and containers. Since so many developers are adopting this approach to deployment and operations teams are also embracing this growing trend, it is important to learn about it so that we can help secure these application containers as well. We had some lively discussion on this topic, so it was definitely well received.
 +
 
 +
 
 +
=====OWASP Houston July 2016 Chapter Meeting=====
 +
Monday July 18, 2016 at 6:30PM
 +
 
 +
Michael F. Angelo, CRISC, CISSP | Chief Security Architect at Micro Focus | NetIQ Corporation went over Threat Modeling basics and philosophy as well of some of the tools that he uses. We had a solid turnout and a great deal of audience participation and discussion.
 +
 
 +
=====OWASP Houston June 2016 Chapter Meeting=====
 +
Monday June 20, 2016 at 6:30PM
 +
 
 +
We met at the NetIQ offices from 6:30-8:30PM on Monday June 20, 2016 to restart the chapter and had a great turnout.
 +
 
 +
Meeting Agenda:
 +
 
 +
1. Introductions of all attendees to gain a solid understanding of backgrounds, interests, and what people would like to learn about.
 +
 
 +
2. Upcoming security related conferences - LASCON in Austin, Cyber Texas in San Antonio
 +
 
 +
3. Major OWASP Projects that have been updated recently or currently being worked on: OWASP Top 10 - 2016 Data Call discussion question review. Proactive Controls, ASVS 3, Developer Guide reboot, OpenSAMM, WAFEC updates, OWASP Testing Guide, WebGoat 7
 +
 
 +
4. Discussion about possible study groups that we want to start having. For example, CISSP or CSSLP certification preparation, Hacking-Live CD interactive sessions. OWASP ZAP workshop (leveraging bodgeit, WebGoat, and Security Shepherd), other books or projects people would like to pursue.
 +
 
 +
5. Topics that people would like to see discussed at the next meeting and how often they would like to meet. Ideally, we could meet once a month for the normal meeting and then at least twice a month for study groups. This has been very successful for the Austin chapter.
  
=====OWASP Houston February Mini Con=====
 
=====Thursday, February 21st, 2013 at 6PM CST=====
 
Sponsors:<br>
 
[https://imperva.com Imperva - Business Security Solutions - Complete Data Security]<br>
 
[https://alertlogic.com Alert Logic Brings Network Security & Cloud Security Services to You]<br>
 
<br>
 
Please join us for an OWASP Houston March Happy Hour.
 
<br>
 
More details coming soon.
 
<br>
 
'''When:''' Thursday, February 21st, 2013 at 6PM CST
 
<br>
 
'''Where:''' Westin Galleria, Imperial Suite
 
<br>
 
<br>
 
<br>
 
  
===OWASP Houston January Workshop===
 
===Thursday, January 31st at 6PM===
 
Sponsored by: Imperva and AlertLogic
 
<br>
 
Join us for an OWASP Houston Workshop.  During this workshop, attendees will be lead through the process of discovering and reporting vulnerabilities.  We will start by reviewing source code for common vulnerabilities.  Once we identify interesting code, we will test the application to confirm our findings.  Finally, we will discuss reporting.  If you would like to participate please bring your laptop.  You should prepare a virtual machine with Linux, Apache, Mysql, and PHP. We will have members helping with virtual machine configurations and assistance.  If you just want to watch, that's fine too.  We look forward to your attendance.
 
<br>
 
'''Sponsored by:''' Imperva, Alert Logic
 
<br>
 
'''When:''' January 31st 2013 (Thursday 6PM - 8PM)
 
<br>
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
 
<br>
 
'''Phone:''' (713) 533-1199
 
  
<br>
+
=Sponsors=
<br>
+
'''Micro Focus''' https://software.microfocus.com/en-us/solutions/enterprise-security
===OWASP Houston Kick-Off Meeting (Nov. 19th)===
 
We'll be reviewing survey results and trying to finalize some details like when and where to hold our meetings. If you want to get involved with OWASP Houston now is the time.
 
<br>
 
'''Sponsored by:''' Imperva, Alert Logic
 
<br>
 
'''When:''' November 19th 2012 (Monday 6PM - 8PM)
 
<br>
 
'''Where:''' Stag's Head Pub (Private Room) - 2128 Portsmouth Street Houston, TX 77098
 
<br>
 
'''Phone:''' (713) 533-1199
 
  
 +
'''WhiteHat Security''' https://www.whitehatsec.com/
  
 
<br>
 
<br>
 
<br>
 
<br>
 +
 +
=RSVP=
 +
===RSVP===
 +
<hr />
  
  
  
 +
<br>
 +
<br>
  
 
=Sponsorship Opportunities=
 
=Sponsorship Opportunities=
 
==Sponsorship Opportunities==
 
==Sponsorship Opportunities==
We're always looking for sponsors to help us provide the highest quality experience for our attendees. For sponsoring OWASP Houston we will list your name on our site, mention your sponsorship in all announcements on the mailing list, send us a banner and we'll hang it at the event, and send you some pictures. If you'd like to send someone to attend the event we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event consider sponsoring a few from the 2013 series.
+
We're always looking for sponsors to help us provide the highest quality experience for our attendees. For sponsoring OWASP Houston we will list your name on our site, mention your sponsorship in all announcements on the mailing list, send us a banner and we'll hang it at the event, and send you some pictures. If you'd like to send someone to attend the event we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event consider sponsoring a few.
  
 
==Opportunity #0 - Workshops==
 
==Opportunity #0 - Workshops==
  
We will have four workshops in 2013. These will be meetings dedicated to hands on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or mini-ctf. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 dollar commitment. For $2,000 dollars you can sponsor every workshop of 2013.
+
We are currently mapping out workshops for 2017. These will be meetings dedicated to hands on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or mini-ctf. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 dollar commitment.
  
 
==Opportunity #1 - Happy Hour Meeting==
 
==Opportunity #1 - Happy Hour Meeting==
  
We will have three happy hour meetings in 2013. These will be social meetings where attendees build a local security community. We estimating the need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else. We will have three of these types of meetings in 2013 so you can sponsor all of them for just $1,500. On months where we have a formal meeting we will not hold an informal meetup.  
+
These will be social meetings where attendees build a local security community. We estimating the need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else.
  
 
==Opportunity #2 - Formal Presentation Meeting==
 
==Opportunity #2 - Formal Presentation Meeting==
  
At our quarterly meetings we will be hosting two quality presenters. Generally we try to pull one presenter from out of state. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses. Consider supporting the Houston OWASP community by sponsoring all of our quarterly meetings for $2,800.
+
We normally have one or two speakers at each formal presentation meeting. Sometimes the presenter is from out of state, so we try to defer some of their travel expenses. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses.
  
 
==Opportunity #3 - OWASP Presenter Sponsorship==
 
==Opportunity #3 - OWASP Presenter Sponsorship==
  
Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers traveling expenses may vary but with a $1,200 donation we think we can handle the rest.
+
Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers traveling expenses may vary but with a $1,200 donation we think we can handle the rest.
 
 
==Opporutnity #4 - Meeting Space==
 
 
 
We currently need funds to secure a stable meeting space for our quarterly presentations and workshops.
 
 
 
==Opportunity #5 - Lock Pick Table==
 
 
 
We are coordinating a lock picking table at every event. To help us get some new locks and create some mock door setups. For $1,000 bucks you can sponsor the table for a whole year. This opportunity is limited to one company. We'll credit you for it in all promotions, list you as a sponsor on the website.  The whole deal.  
 
  
 
=Call for Papers=
 
=Call for Papers=
 
==Call for Papers==
 
==Call for Papers==
We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org.
+
We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org and Joseph dot Konieczka at owasp dot org.
  
 
=Local News=
 
=Local News=
 
==Local News==
 
==Local News==
Worthwhile information.
 
 
<br>
 
<br>
==November 5th 2012==
+
 
Houston OWASP Chapter has been activated. Please join us in making this a successful security meetup. First meeting to finalize details around 2013 series of meeting has been scheduled for November 19th, 2012. Please fill out the quick five question [http://www.surveymonkey.com/s/RWNWRZX survey] if you have not.
 
  
  
 
__NOTOC__
 
__NOTOC__
<headertabs/>
+
<headertabs></headertabs>
  
 
[[Category:OWASP Chapter]]
 
[[Category:OWASP Chapter]]
 
[[Category:Texas]]
 
[[Category:Texas]]
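Review bot: the added Call for Papers line capitalizes the second contact ("Joseph dot Konieczka at owasp dot org") while the first stays lowercase ("paul dot scott at owasp dot org"); use one casing for both so readers reconstructing the addresses get a consistent form. The unchanged heading "==Opporutnity #4 - Meeting Space==" still carries a typo and could be corrected to "Opportunity" in the same revision.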

Latest revision as of 11:50, 10 April 2018

OWASP Houston

Welcome to the Houston chapter homepage. The chapter leaders are: Joseph Konieczka, Landon Mayo, Patrick Snyder, Paul Scott, Tyler Borland, Tom Cline, Johnathan Kuskos.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.


Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.

OWASP Houston April Chapter Meeting

Wed, April 25, 2018 6:30 PM – 8:30 PM

We're once again partnering with the Houston Java Users Group (HJUG) on a topic of interest to both developers and security professionals.

The meeting will be held at PROS and there is plenty of room for everyone there.

Please use this eventbrite link to sign up

https://www.eventbrite.com/e/a-phased-approach-to-building-security-automation-into-your-cicd-tickets-44982159851?aff=owasp

Meeting Location:

PROS

3100 Main

2nd floor, Room B

Houston, TX 77002

Presentation Title: A phased approach to building security automation into your CI/CD

Abstract:

So your engineering team is using CI / CD and churning out code at a frenetic pace. It is unclear where the risk is, what controls to focus on and where in the SDLC to introduce those controls. Mahesh will introduce a practical, risk-based approach to introducing security automation into the CI / CD pipeline to surface critical issues and shorten remediation time without bottlenecking the release. Finally, he will touch on the concepts of interactive analysis (IAST) and runtime protection (RASP) as key tools in this approach.

Speaker: Mahesh Babu, Head of Product Strategy, Contrast Security

Speaker Bio:

Mahesh is responsible for growing Contrast Protect. He takes every opportunity to tell everyone how Contrast has fundamentally changed application security for the first time since he started working in security 10+ years ago. Mahesh has seen the industry evolve as a researcher, consultant, and practitioner within a large bank. He began his career as a security researcher at the CERIAS center at Purdue University. He then went on to build and scale large security & privacy programs as a Senior Manager & architect for HSBC Information Security & Risk. He also spent time as a consultant at Deloitte and Booz & Company. Mahesh has a BS in Computer Science and MS in Information Security from Purdue University and an MBA from Duke University.

About our venue sponsor:

PROS Holdings, Inc. (NYSE: PRO) helps companies around the globe realize their revenue profit potential. PROS is the only company with a solution portfolio that improves top- and bottom-line financial results simultaneously. As the largest publicly traded software company in Houston, PROS is proud of our world-class R&D team that’s more than 300 team members strong. Our company culture values ownership, innovation and a relentless commitment to “We Care.” Ask anyone about the best part of working at PROS, and the answer will be “our people.” PROS employees are the most caring, committed, knowledgeable and talented technology professionals around. We wouldn’t have it any other way.

Java is the backbone of all our products. We’re continually looking for ways to remain on the cutting edge of technology, and we’re proud to be supporters and sponsors of Houston’s growing developer community. To find out more about what PROS is all about, please visit our website at www.pros.com.

OWASP Houston February Chapter Meeting

Wed, February 28, 2018

6:30 PM – 8:30 PM

We're once again partnering with the Houston Java Users Group (HJUG) for their annual application security meeting. The meeting will be held at PROS and there is plenty of room for everyone there.

Please use this eventbrite link to sign up. https://hjug02282018.eventbrite.com/?aff=owasp

Title: App Security Really Will Make You Money!

Description:

When organizations think of application security they typically think of technology features and functions. In this talk Checkmarx discusses how Application Security can actually help drive an organization's bottom line and internal processes. In this age of ever expanding risk to organizations, Application Security can be used to expand your customer base, drive compliance, and expand the knowledge of an organization's executives and employees.

Meeting Location: PROS

3100 Main

2nd floor

Room B

Houston, TX 77002

Meeting Sponsor: Checkmarx, Inc

Checkmarx, founded in 2006, is a leader in application security solutions, having developed the first platform for true Source Code Analysis (SCA) with its marquee solution: Static Application Security Testing (SAST). Our mission is in enabling organizations to secure applications from the start, reducing risk and cost along the way.

Our platforms offer maximum application security for software developers and security experts throughout the Software Development Life Cycle (SDLC), in both Enterprise and Cloud platform models. Developers advocate for Checkmarx because we enable agile/continuous integration, are easy to use and help them achieve a secure SDLC posture. Security likes us because developers love us…and we also map to the latest security frameworks and compliance mandates.

For more information about Checkmarx, visit http://www.checkmarx.com or follow us on twitter: @checkmarx

About our venue sponsor:

PROS Holdings, Inc. (NYSE: PRO) helps companies around the globe realize their revenue profit potential. PROS is the only company with a solution portfolio that improves top- and bottom-line financial results simultaneously.

As the largest publicly traded software company in Houston, PROS is proud of our world-class R&D team that’s more than 300 team members strong. Our company culture values ownership, innovation and a relentless commitment to “We Care.” Ask anyone about the best part of working at PROS, and the answer will be “our people.” PROS employees are the most caring, committed, knowledgeable and talented technology professionals around. We wouldn’t have it any other way.

Java is the backbone of all our products. We’re continually looking for ways to remain on the cutting edge of technology, and we’re proud to be supporters and sponsors of Houston’s growing developer community.

To find out more about what PROS is all about, please visit our website at www.pros.com.

OWASP Houston November Chapter Meeting

Tuesday November 20, 2017

Title: Lessons from the Underground: Identity Theft and Financial Fraud

Please join us for another OWASP Houston workshop.

Landon Mayo will be leading a lesson on the world of the dark web. He has spent two years researching tactics used to conduct credit card fraud and identity theft.

This lesson is designed to educate you on ways to spot the early signs of potential identity theft and financial fraud.

Landon has been in the trenches researching the tactics used by criminals and criminal organizations.

OWASP Houston July Chapter Meeting

Tuesday July 18, 2017 at 6:30PM

Title: Making Vulnerability Management Less Painful with OWASP DefectDojo

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team’s work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.

Speaker:

Greg Anderson is the project leader for OWASP DefectDojo. He will be presenting remotely and the room works well for this format. Greg is a long time member of OWASP and has held several different leadership positions. You can find his bio on the official OWASP users page: https://www.owasp.org/index.php/User:Devgreg

Tuesday May 23, 2017 at 6:00PM

Discussion about OWASP Projects and events

OWASP Houston Chapter assisted San Jacinto College Advisory Boards

March 30 and 31, 2017

We had some members of the chapter provide extremely valuable feedback to enhance the college's programs. Thank you to everyone that helped with this effort. We will have more opportunities to be involved with the college.

OWASP Houston February Chapter Meeting

Wednesday February 22, 2017 at 6:00PM

Title: Effective Application Security Testing at High Velocity: Keeping up with Agile and DevOps

Speaker: James "Jimmy" Rabon

James Rabon shared lessons learned by working with some of the most advanced and innovative application security customers / programs. Learn how static and dynamic analysis of applications can be made efficient and effective in some of the most dynamic development organizations. See how app sec leaders integrate application security throughout their software development lifecycle and include it in the DevOps tool chain of automation to move security testing at high velocity. Automation is your friend and we will examine where modern security tools are being included in the “treat infrastructure as code” mantra. We’ll also take a look beyond security tools and automation to the people and processes that effective application security programs use to run at high speed. A brief demo will follow for those interested.

Speaker Bio:

Jimmy Rabon began his career as a software developer for the Computer Sciences Corp before deciding to specialize in application security over seven years ago with Fortify. He began his career in application security by serving as an on-site subject matter expert for software security and has performed countless security audits of applications (both static and dynamic testing reviews) for several large commercial and government entities. He has enabled organizations that utilized his or his team’s services, to find and fix exploitable vulnerabilities in critical systems.

Having worked as a software engineer for many years prior to specializing in application security, he understands the unique challenges that developers face when attempting to deliver secure code and can help deliver effective technology and processes to enable information assurance and development teams to work together to make software as secure as possible.

He leads a team of highly skilled application security consultants as the head of HPE Fortify professional services responsible for designing effective software assurance solutions in the Americas.

He is currently a Senior Product Manager with Fortify with a passion for building security products that solve real world problems in the most effective and efficient way possible.


OWASP Houston October Chapter Meeting

Monday October 17, 2016 at 6:30PM

Title: Murder Mystery – Who is Killing your Information Security Program

Speaker: Gordon MacKay

Presentation Abstract:

Integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in the form of a murder mystery game, and ultimately reveals the culprit as well as strategies to overcome it. Come participate, play, and interact! Try to guess “who-dunnit,” and learn how to avoid future similar InfoSec crimes.

Speaker Bio

Gordon MacKay, CISSP and Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology. MacKay has presented at numerous security related conferences, including BSides Austin 2016, BSides San Antonio 2016, BSides Dallas 2015, RSA 2013, ISC2 San Antonio, ISSA Houston, ISACA San Antonio, and has been featured by top media outlets such as CIO Review, FOX Business, Fox News, Softpedia, IT World Canada and others. He holds a Bachelor's in Computer Engineering from McGill University. He is a Distinguished Ponemon Institute Fellow.


OWASP Houston September Chapter Meeting

Monday September 19, 2016 at 6:30PM

Title: Web App Testing Stats Compared to The OWASP Top 10

Description: For over seven years, Cigital has performed high volumes of application security assessments through the Cigital Assessment Center (CAC). Over that time the CAC has accumulated a large amount of data that provides helpful insights into software security practices. We’ll present the most common web application security vulnerabilities identified over one year by the CAC, contrasting our findings with one of the industry’s leading benchmarks, the OWASP Top 10.

Bio: Joel Scambray is a Principal at Cigital, a leading software security consulting firm established in 1992. He has helped Fortune 500-class organizations address information security challenges for over twenty years as a consultant, author and speaker, business leader, and entrepreneur. He is widely recognized as co-author of the Hacking Exposed book series, and has worked/consulted for companies including Microsoft, Foundstone, Amazon, Costco, Softcard, and Ernst & Young.


OWASP Houston August Chapter Meeting

Monday August 22, 2016 at 6:30PM

August speaker and topic - Roger Huebner, Corporate Architect/Distinguished Engineer at NetIQ, will be speaking on Docker and containers. Since so many developers are adopting this approach to deployment and operations teams are also embracing this growing trend, it is important to learn about it so that we can help secure these application containers as well. We had some lively discussion on this topic, so it was definitely well received.


OWASP Houston July 2016 Chapter Meeting

Monday July 18, 2016 at 6:30PM

Michael F. Angelo, CRISC, CISSP | Chief Security Architect at Micro Focus | NetIQ Corporation went over Threat Modeling basics and philosophy as well as some of the tools that he uses. We had a solid turnout and a great deal of audience participation and discussion.

OWASP Houston June 2016 Chapter Meeting

Monday June 20, 2016 at 6:30PM

We met at the NetIQ offices from 6:30-8:30PM on Monday June 20, 2016 to restart the chapter and had a great turnout.

Meeting Agenda:

1. Introductions of all attendees to gain a solid understanding of backgrounds, interests, and what people would like to learn about.

2. Upcoming security related conferences - LASCON in Austin, Cyber Texas in San Antonio

3. Major OWASP Projects that have been updated recently or currently being worked on: OWASP Top 10 - 2016 Data Call discussion question review. Proactive Controls, ASVS 3, Developer Guide reboot, OpenSAMM, WAFEC updates, OWASP Testing Guide, WebGoat 7

4. Discussion about possible study groups that we want to start having. For example, CISSP or CSSLP certification preparation, Hacking-Live CD interactive sessions. OWASP ZAP workshop (leveraging bodgeit, WebGoat, and Security Shepherd), other books or projects people would like to pursue.

5. Topics that people would like to see discussed at the next meeting and how often they would like to meet. Ideally, we could meet once a month for the normal meeting and then at least twice a month for study groups. This has been very successful for the Austin chapter.


Sponsorship Opportunities

We're always looking for sponsors to help us provide the highest quality experience for our attendees. In return for sponsoring OWASP Houston, we will list your name on our site, mention your sponsorship in all announcements on the mailing list, hang your banner at the event if you send us one, and send you some pictures. If you'd like to send someone to attend the event, we will make room for a table. We encourage sponsors to have raffles to try and capture leads. Rather than sponsoring just one event, consider sponsoring a few.

Opportunity #0 - Workshops

We are currently mapping out workshops for 2017. These will be meetings dedicated to hands-on education. This could be related to programming a vulnerability scanner, auditing source code, exploiting a vulnerability, or a mini-CTF. Your sponsorship of this event includes appetizers and beverages for the attendees. Due to popularity, sponsoring a workshop is a $500 commitment.

Opportunity #1 - Happy Hour Meeting

These will be social meetings where attendees build a local security community. We estimate a need for $500 in food and drink per meeting. By giving sponsors drink tickets to hand to attendees, we ensure that our sponsors are able to interact with everyone looking for another drink. Feel free to pass out business cards and network just like you would anywhere else.

Opportunity #2 - Formal Presentation Meeting

We normally have one or two speakers at each formal presentation meeting. Sometimes the presenter is from out of state, so we try to defray some of their travel expenses. Your sponsorship of this event includes food and beverages for the attendees. We are seeking $700 per sponsor to cover our expenses.

Opportunity #3 - OWASP Presenter Sponsorship

Although OWASP is a non-profit organization, we strive to provide our members with the best presenters possible. In exchange for covering travel expenses for these presenters, our chapter will provide you with five minutes at the start of the meeting to introduce yourself and tell us about the products or services that your company offers. This benefit is in addition to special mention for sponsoring the travel. The speakers' travel expenses may vary, but with a $1,200 donation we think we can handle the rest.

Call for Papers

We're actively accepting abstracts. Please send all abstracts to paul dot scott at owasp dot org and Joseph dot Konieczka at owasp dot org.

Local News