Welcome to the Houston chapter homepage. The chapter leaders are Mark Feferman, Paul Dial, Linda Fox and David Nester
Click here to join the local chapter mailing list.
OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
The Houston Chapter will focus around Web Application Security issues with discussions on application layer vulnerabilties, penetration testing, and secure coding practices within the numerous development languages. Our chapter will meet on the second (2nd) Wednesday of each month and participation in OWASP Houston is free and open to all.
Please subscribe to the mailing list for meeting announcements. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in web application security is welcome to attend. We encourage attendees to give short presentations about specific topics. If you would like to make a presentation, or have any questions about the Houston Chapter, send an email to David Nester.
Revisiting Application Security Controls - May 12, 2010
The application security domain has existed for quite a while now; however we are still struggling to fill in the fundamental security gaps in the software implementations. Take for example: we spend enormous effort and time to enforce basic input/output validations so to fortify the applications' security. The area that we need to focus on is to educate and train the developers to integrate security controls in the development phase of an application, rather than developing the application with the traditional methods and then testing & patching the application. If we integrate the security controls in the first place, it would drastically reduce cost, effort and time. The presentation by Gunwant Singh will shed light on the basic controls that developers can incorporate into the applications for a better security posture. Also, he will elucidate on how and where exactly one can use input/output validations appropriately in web applications.
Gunwant Singh is currently working with SAIC India Private Limited as Information Security Analyst II. At SAIC, he is working for a Fortune 100 MNC to audit their web applications and servers for its global application security group. Prior to SAIC, he worked as a freelancer providing services to a number of firms. He has done extensive research on Honeypots and collated enormous data on web servers like IIS, Apache and Zeus. As a security consultant he has spoken at National Informatics Center, India and audited a number of government web applications for them. He is actively engaged in OWASP Delhi Chapter and has hosted several training sessions and presentations for them.
Date, Time and Location:
Wednesday, May 12, 2010 from 6 PM to 8 PM
Houston Community College (HCC)
1010 West Sam Houston Parkway North
Spring Branch Campus Commons
Houston, TX 77043
- RSVP to firstname.lastname@example.org
- Directions: Physically it is Beltway 8 and I-10 -- Take the Gesner Exit of I-10 from downtown. It is next door to Murphy's Deli.
- Parking Pass ( http://owasp.icrew.org/downloads/hccparking.pdf ): Place print this out and place on your windshield
Meeting Schedule for 2010
- May 12th
- June 9th
- July 14th
- August 11th
- September 8th
- October 13th
- October 2009 : Customer relationship management (CRM) systems
- August 12, 2009 : SharePoint Auditing and Penetration Testing Presentation Download
Presentation by: Shohn Trojacek
- July 8, 2009 : Embedded System Security Presentation Download
Presentation by: Sam Denard
- June 10, 2009 : Web Application Security and PHP. Presentation Download
Presentation by: Eric Cherian
- May 13, 2009 (A): Securing connection strings in the Web.Config and App.Config files for .NET Presentation Download
Presentation by: Mark Feferman, CISSP
- May 13, 2009 (B): Stealing the Airlines Online Data Presentation Download
Presentation by: Quincy Jackson, CISSP
- April 8, 2009: 2009 Statistics Report and ClickJacking Presentation Download
Presentation by David Nester, Director, Solutions Architecture, Whitehat Security.
- August 19, 2008: Dirty Dozen - Truth and facts about PCI DSS Presentation Download
Presentation by Genady Vishnevetsky, CISSP Director, IT Operations and Security. Paymetric, Inc
- June 11, 2008: The OWASP Top 10 Presentation Download
Presentation by J Sawyer, Developer Evangelist of Microsoft
- November 7, 2007: Black Box versus White Box: Different App Testing Strategies Presentation Download
Presentation by John Dickson of the Denim Group.
- October 10, 2007 :: Top 10 Website Attack Techniques Presentation Download
Presentation by Jeremiah Grossman, CTO, Whitehat Security
- September 12, 2007: Fortify Software
- August 8, 2007: Atrysk Security Presentation Download
Houston OWASP Chapter Leaders
Our chapter leaders are Mark Feferman, Linda Fox, Paul Dial and David Nester.