Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
(OWASP LA Security Summit: April 25, 2012, 3:00PM - 8PM)
(39 intermediate revisions by 6 users not shown)
Line 1: Line 1:
== Welcome to Los Angeles Chapter!  ==
+
== Welcome to the Los Angeles Chapter!  ==
  
<paypal>Los Angeles</paypal><br>
 
  
[http://www.regonline.com/owasp_membership https://www.owasp.org/images/2/2f/Donatenow.jpg] Donate funds to Los Angeles chapter via RegOnline.
+
=====[http://www.regonline.com/donation_1044369 https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
  
== Announcements  ==
+
Single Meeting Supporter:
 +
Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission
  
http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png
+
Get the following benefits::
===== We are on Meetup. Please join our community there. =====
+
- Meet upwards of 60-90 potential new clients
 +
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi)
 +
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
 +
- Have a table at local chapter meeting
 +
- Promote your products and services
 +
- Bring a raffle prize to gather business cards
 +
 
 +
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
 +
 
 +
== '''Announcements'''  ==
 +
 
 +
=== Change in Leadership ===
 +
Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.
 +
 
 +
 
 +
'''[http://www.meetup.com/OWASP-Los-Angeles/ http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png]
 +
==== We are on Meetup. Please join our community there. ====
 +
===== If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer. =====
  
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
  
===== Sign up for OWASP Los Angeles mailing list, very low volume and spam free.  =====
+
<br>
 +
== '''OWASP Mailing List'''==
 +
===== Sign up for the OWASP Los Angeles mailing list, very low volume and spam free.  =====
  
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
 
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles  =====
Line 18: Line 37:
 
<br>  
 
<br>  
  
== OWASP LA Security Summit: April 25, 2012, 3:00PM - 8PM <br> ==
+
== '''Next Meeting  Wednesday, March 20, 2013 6:15 PM:'''==  
 +
*'''At: [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA Luminaria's]'''
  
''(Note different time and location)''
+
*3500 Ramona Boulevard , Monterey Park, CA [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA map]
  
 +
*Note the change in date, as this is a joint meeting with ISSA
  
'''Jerry Hoff VP, Static Code Analysis Division at WhiteHat Security, will be speaking about Webgoat. Shakeel Tufail, Federal Practice Director for HP Enterprise Security Solutions, will be speaking on ''"Software (In)Security - Challenges to securing software"''. Noa Bar Yosef, Senior Security Strategist at Imperva, will be speaking on ''"De-Anonymizing Anonymous"''. A concluding panel, moderated by Richard Greenberg, Information Security Officer for LA County Public Health, will have the speakers joined by Adnan Masood, a Software Engineer and Architect.
 
  
''Food and drinks will follow''.'''
 
  
 +
== ''' Speaker: Garret Grajek''' ==
 +
*''' Synopsis: '''
  
 +
Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.
  
<!-- '''''Location:'''''<br>  -->
+
Presentation Break-Out:
<b>
+
Location:
+
  
Four Points by Sheraton Los Angeles </b>
+
''' Title: Securing Mobile Apps for the Enterprise '''
  
5990 Green Valley Cir
+
*''' Agenda: '''
  
Culver City, CA 90230
+
I. The Condudrum: Secure the Phone or the App?
  
(310) 641-7740
+
II. History: SMS (System Manangement Server) vs WAM
  
 +
III. Now: MDM vs MAM (Mobile Appplication Managemnt)
  
RSVP at http://www.meetup.com/OWASP-Los-Angeles/
+
IV: Advantage of App-Centric Security (MAM)
  
<br>
+
- Modifiable Authentication
  
'''Thanks to Our Sponsors:'''
+
- No Agent needed
'''
+
  
http://www.f5.com/flash/application-ready-network/f5-logo.jpg
+
- No update needed of client software for workflow/Auth change
  
Internet threats are widely varied and multi-layered. As these threats evolve, organizations find that traditional firewalls lack the intelligence and the scalability needed to stay effective and responsive under DDoS and a whole range of other sophisticated attacks. The result is a failure to protect the business from loss of critical Internet data center services.
+
V: Demo of MAM
  
F5 offers a native, high performance firewall solution that protects the entire infrastructure and scales to perform under the most demanding conditions. F5 provides the intelligence and flexibility you need to stay secure in the ever-changing and increasingly threatening landscape. You get a common platform to deliver applications and significantly improve responsiveness to rapidly evolving threats.
+
VI Q.A.
  
In addition, F5 provides a flexible, certified web application firewall and comprehensive, policy-based web application security to address emerging threats at the application level. This combination significantly reduces the risk of damage to intellectual property, data, and web applications. With F5, you get a complete application protection solution on a certified network firewall platform that eliminates the need for multiple appliances. This lowers maintenance and management costs, and increases the confidentiality, availability, and integrity of your applications, network, and processes. F5 brings together the network, applications, data, and users under a single security strategy that traditional firewalls and point solutions don’t offer.
+
*''' Bio: '''
  
 +
Garret Grajek, CTO / COO, SecureAuth Corporation.
  
http://www.genevatechnicalservices.com/images/partners/qualys-logo.gif
+
Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.
  
Qualys, Inc. is the pioneer and leading provider of information security and compliance cloud solutions with 5,500+ customers in 85 countries, including 51 of the Forbes Global 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
+
Prior to co-founding SecureAuth, Grajek held leadership roles at some of the world’s leading technology companies including Cisco and IBM, where he was responsible for consumer and network security products. He also served as western region lead field engineer for RSA Security.
  
For more information, please visit www.qualys.com.
+
Grajek also worked at Netegrity where he was responsible for field implementation of Access Control products and led installations of SiteMinder, the security suite that controls all user access to the E*Trade Financial Services web site. Netegrity became the standard for internet access control and was acquired by CA.
  
== April message from OWASP Los Angeles <br> ==
+
He began his career as an entrepreneur and founder of an independent programming company that specialized in operating systems and network utilities. A pioneer in the use of the Linux operating system in enterprise environments, Grajek was responsible for the successful completion of numerous projects for IBM, Texas Instruments, Tandem Computers.
  
 +
Grajek holds bachelor’s degree in computer science from the University of Texas at Austin.
  
<b> 1. Participate in Projects </b>
+
== '''Sponsor: Security Innovation'''==
  
OWASP is about projects. Without projects, OWASP wouldn't exist, and projects need new blood. I would like to encourage your participation in the projects. There are many projects to choose from (link below) but  testing, development and code review guides are in urgent need of help. You don't need to be a coder to contribute.  
+
[https://www.securityinnovation.com/ Security Innovation]
  
https://www.owasp.org/index.php/Category:OWASP_Project
+
The Application Security Company
  
Please see what you can contribute and feel free to reach out to the project leaders directly, or send me an email if you want an introduction.
+
Reduce Application Security Risk
  
<b> 2. Call for Local Speakers </b>
+
Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches – insecure applications. Their solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: ''' [https://www.securityinnovation.com/solutions/standards-and-process.html Standards] ''', ''' [https://www.securityinnovation.com/solutions/education.html Education] ''' and ''' [https://www.securityinnovation.com/solutions/assessment.html Assessment] '''
  
We have a lot of security talent in LA area and we would love to hear from you. Edward Bonver is leading an initiative to have local speakers more involved and present at OWASP meetings. Please reach out to him at edward@owasp.org if you're interested.  
+
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 +
<br>
  
----
+
== Would you like to speak at an OWASP Los Angeles Meeting? ==
  
== Other Events  ==
+
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:richard.greenberg@owasp.org Richard Greenberg]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.
  
'''ISSA-LA''' holds a lunch meeting on the 3rd Wed of each month, for more information visit [http://www.issa-la.org/ www.issa-la.org].
+
<br>
  
The leading InfoSec Professionals in SoCal will be Gathering at the Universal City Hilton May 16 for the '''ISSA-LA''' Information Security Summit. Visit: http://www.issala.org/summit/
+
== '''Other Events''' ==
 +
*''' [http://www.socallinuxexpo.org/scale11x The Eleventh Annual Southern California Linux Expo February 22-24, 2013 Hilton Los Angeles International Airport] '''
  
<br>
+
*''' [http://www.issala.org/summit/ Early Bird Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
----
+
Would you like to speak at an OWASP Los Angeles Meeting?
+
  
Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to [mailto:tin.zaw@owasp.org Tin Zaw]. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.
 
 
<br>
 
  
 
== Archives of Previous Meetings  ==
 
== Archives of Previous Meetings  ==
 +
[[Los Angeles/2012 Meetings|2012 Meetings]]
  
 
[[Los Angeles/2011 Meetings|2011 Meetings]]  
 
[[Los Angeles/2011 Meetings|2011 Meetings]]  
Line 111: Line 131:
 
== Los Angeles Chapter  ==
 
== Los Angeles Chapter  ==
  
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Chapter Leader and President   
+
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Chapter Leader and President   
*[mailto:cassio@owasp.org Cassio Goldschmidt] -- Board Member
+
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
*[mailto:richard.greenberg@owasp.org Richard Greenberg] -- Board Member
+
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
 +
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member
 +
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member
  
Volunteer OWASP Leaders: Kelly Fitzgerald, Yev Avidon, Mikhael Felker and Stuart Schwartz
+
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker <br>
 +
Volunteer OWASP Wiki: Mike Francis <br>
 +
The Los Angeles chapter was founded by Cassio Goldschmidt.
  
 
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!  
 
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!  

Revision as of 03:47, 24 February 2013

Contents

Welcome to the Los Angeles Chapter!

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits::

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) 
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Announcements

Change in Leadership

Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.


logo.png

We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


OWASP Mailing List

Sign up for the OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles


Next Meeting Wednesday, March 20, 2013 6:15 PM:

  • 3500 Ramona Boulevard , Monterey Park, CA map
  • Note the change in date, as this is a joint meeting with ISSA


Speaker: Garret Grajek

  • Synopsis:

Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.

Presentation Break-Out:

Title: Securing Mobile Apps for the Enterprise

  • Agenda:

I. The Condudrum: Secure the Phone or the App?

II. History: SMS (System Manangement Server) vs WAM

III. Now: MDM vs MAM (Mobile Appplication Managemnt)

IV: Advantage of App-Centric Security (MAM)

- Modifiable Authentication

- No Agent needed

- No update needed of client software for workflow/Auth change

V: Demo of MAM

VI Q.A.

  • Bio:

Garret Grajek, CTO / COO, SecureAuth Corporation.

Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.

Prior to co-founding SecureAuth, Grajek held leadership roles at some of the world’s leading technology companies including Cisco and IBM, where he was responsible for consumer and network security products. He also served as western region lead field engineer for RSA Security.

Grajek also worked at Netegrity where he was responsible for field implementation of Access Control products and led installations of SiteMinder, the security suite that controls all user access to the E*Trade Financial Services web site. Netegrity became the standard for internet access control and was acquired by CA.

He began his career as an entrepreneur and founder of an independent programming company that specialized in operating systems and network utilities. A pioneer in the use of the Linux operating system in enterprise environments, Grajek was responsible for the successful completion of numerous projects for IBM, Texas Instruments, Tandem Computers.

Grajek holds bachelor’s degree in computer science from the University of Texas at Austin.

Sponsor: Security Innovation

Security Innovation

The Application Security Company

Reduce Application Security Risk

Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches – insecure applications. Their solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: Standards , Education and Assessment

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Other Events


Archives of Previous Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter

Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker
Volunteer OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg