Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
m
(5 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
  
=====[https://www.cvent.com/events/owasp-sponsorship-and-donation/registration-99bc1441e2684ff5b214b0df6b3a9ae3.aspx https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
+
=====[http://www.regonline.com/donation_1044369 https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
  
 
Single Meeting Supporter:
 
Single Meeting Supporter:
Line 15: Line 15:
 
  - Bring a raffle prize to gather business cards
 
  - Bring a raffle prize to gather business cards
  
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations  
+
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
  
 
== '''Announcements'''  ==
 
== '''Announcements'''  ==
Line 37: Line 37:
 
<br>  
 
<br>  
  
== '''Next Meeting  February 20, 7PM:'''==  
+
== '''Next Meeting  Wednesday, March 20, 2013 6:15 PM:'''==  
*'''At: Symantec Offices'''
+
*'''At: [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA Luminaria's]'''
  
*900 Corporate Pointe, Culver City, CA 90230
+
*3500 Ramona Boulevard , Monterey Park, CA [http://maps.google.com/maps?q=3500+Ramona+Boulevard+%2C+Monterey+Park%2C+CA map]
  
*Note the change in date, due to RSA
+
*Note the change in date, as this is a joint meeting with ISSA
  
  
  
== '''Speaker: iMan Louis''' ==  
+
== ''' Speaker: Garret Grajek''' ==  
*''' Abstract: Secure Password Storage Practices '''
+
*''' Synopsis: '''
(or Why "Hashing + Salting != Secure Passwords")
+
  
Many web applications require passwords that are hard for users to remember, cumbersome to type, yet easy for hackers to crack. With affordable, lightning-fast hardware aiding hackers, we have recently seen a number of large organizations in the news for user-password security failures. Join us as we discuss common attacks on password lists/tables as well as some password storage practices that can make any cracking attempts not worth the attackers’ time.
+
Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.
  
 +
Presentation Break-Out:
  
*'''Bio: iMan Louis '''  
+
''' Title: Securing Mobile Apps for the Enterprise '''
iMan is a Senior Consultant with Cigital Inc., where he conducts security code reviews, ethical hacking, and web application security assessments for some of the largest global corporations. He has also developed courseware for Cigital's Defensive Programming course series and delivered instructor-led training for many years. He brings 12 years of experience in software development and application security. iMan has recently moved from San Francisco to the Greater L.A. area and is looking forward to being an active member of our L.A. OWASP chapter.
+
  
 +
*''' Agenda: '''
  
== '''Sponsors: Arxan Technologies and Cigital'''==
+
I. The Condudrum: Secure the Phone or the App?
''' Arxan Technologies '''
+
  
Sharing thought leadership & best practices on mobile apps security.
+
II. History: SMS (System Manangement Server) vs WAM
  
MOBILE APPLICATION PROTECTION
+
III. Now: MDM vs MAM (Mobile Appplication Managemnt)
Application Security for Digital Media, Enterprise, Financial Institutions, Gaming, Software Publishers and more.
+
  
WORLD LEADER IN PROTECTING THE APP ECONOMY
+
IV: Advantage of App-Centric Security (MAM)
Security for Mobile, Desktop, Embedded and Server Applications.
+
  
ACTIVE CONTENT PROTECTION TO SECURE PREMIUM CONTENT AND DIGITAL MEDIA APPLICATIONS
+
- Modifiable Authentication
  
ANTI-TAMPER, ANTI-PIRACY SOFTWARE PROTECTION
+
- No Agent needed
Prevent lost revenue and compromise of intellectual property from hacker attacks in global markets
+
  
 +
- No update needed of client software for workflow/Auth change
  
''' Cigital '''
+
V: Demo of MAM
  
The world’s largest consulting firm specializing in software security
+
VI Q.A.
  
Cigital, Inc is the global leader in helping organizations design, build, and maintain secure software. Our unique expertise, technologies, and training services are a culmination of over twenty years of research and thousands of successful software security consulting engagements at leading public and private organizations throughout the world.
+
*''' Bio: '''
  
 +
Garret Grajek, CTO / COO, SecureAuth Corporation.
 +
 +
Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.
 +
 +
Prior to co-founding SecureAuth, Grajek held leadership roles at some of the world’s leading technology companies including Cisco and IBM, where he was responsible for consumer and network security products. He also served as western region lead field engineer for RSA Security.
 +
 +
Grajek also worked at Netegrity where he was responsible for field implementation of Access Control products and led installations of SiteMinder, the security suite that controls all user access to the E*Trade Financial Services web site. Netegrity became the standard for internet access control and was acquired by CA.
 +
 +
He began his career as an entrepreneur and founder of an independent programming company that specialized in operating systems and network utilities. A pioneer in the use of the Linux operating system in enterprise environments, Grajek was responsible for the successful completion of numerous projects for IBM, Texas Instruments, Tandem Computers.
 +
 +
Grajek holds bachelor’s degree in computer science from the University of Texas at Austin.
 +
 +
== '''Sponsor: Security Innovation'''==
 +
 +
[https://www.securityinnovation.com/ Security Innovation]
 +
 +
The Application Security Company
 +
 +
Reduce Application Security Risk
 +
 +
Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches – insecure applications. Their solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: ''' [https://www.securityinnovation.com/solutions/standards-and-process.html Standards] ''', ''' [https://www.securityinnovation.com/solutions/education.html Education] ''' and ''' [https://www.securityinnovation.com/solutions/assessment.html Assessment] '''
  
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
Line 91: Line 109:
  
 
== '''Other Events'''  ==
 
== '''Other Events'''  ==
*'''ISSA Los Angeles Monthly Meeting'''
+
*''' [http://www.socallinuxexpo.org/scale11x The Eleventh Annual Southern California Linux Expo February 22-24, 2013 Hilton Los Angeles International Airport] '''  
        Special Discount for OWASP Members
+
        WEDNESDAY, Feb 20, 2013 11:30 AM - 1:45 PM
+
        at Les Freres Taix French Restaurant
+
        1911 West Sunset Blvd., LA, Ca 90026
+
        (213) 484-1265
+
        issala.org
+
  
 
*''' [http://www.issala.org/summit/ Early Bird Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
 
*''' [http://www.issala.org/summit/ Early Bird Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
Line 126: Line 138:
  
 
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker  <br>
 
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker  <br>
 +
Volunteer OWASP Wiki: Mike Francis <br>
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
  

Revision as of 03:47, 24 February 2013

Contents

Welcome to the Los Angeles Chapter!

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits::

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) 
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Announcements

Change in Leadership

Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.


logo.png

We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


OWASP Mailing List

Sign up for the OWASP Los Angeles mailing list, very low volume and spam free.
https://lists.owasp.org/mailman/listinfo/owasp-losangeles


Next Meeting Wednesday, March 20, 2013 6:15 PM:

  • 3500 Ramona Boulevard , Monterey Park, CA map
  • Note the change in date, as this is a joint meeting with ISSA


Speaker: Garret Grajek

  • Synopsis:

Securing Mobile Apps – that’s the big discussion today. The last couple of years enterprises have been attempting to meet this requirement by deploying client-intensive MDMs (Mobile Device Managers). This has left the apps being utilized by partners, suppliers and customers – completely unprotected. How do we meet the challenge of applying security authentication standards to these un-managed devices. This is what will be discussed/demo’d.

Presentation Break-Out:

Title: Securing Mobile Apps for the Enterprise

  • Agenda:

I. The Condudrum: Secure the Phone or the App?

II. History: SMS (System Manangement Server) vs WAM

III. Now: MDM vs MAM (Mobile Appplication Managemnt)

IV: Advantage of App-Centric Security (MAM)

- Modifiable Authentication

- No Agent needed

- No update needed of client software for workflow/Auth change

V: Demo of MAM

VI Q.A.

  • Bio:

Garret Grajek, CTO / COO, SecureAuth Corporation.

Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corporation, Garret is responsible for the strategic direction of the company’s Identity Enforcement product offerings.

Prior to co-founding SecureAuth, Grajek held leadership roles at some of the world’s leading technology companies including Cisco and IBM, where he was responsible for consumer and network security products. He also served as western region lead field engineer for RSA Security.

Grajek also worked at Netegrity where he was responsible for field implementation of Access Control products and led installations of SiteMinder, the security suite that controls all user access to the E*Trade Financial Services web site. Netegrity became the standard for internet access control and was acquired by CA.

He began his career as an entrepreneur and founder of an independent programming company that specialized in operating systems and network utilities. A pioneer in the use of the Linux operating system in enterprise environments, Grajek was responsible for the successful completion of numerous projects for IBM, Texas Instruments, Tandem Computers.

Grajek holds bachelor’s degree in computer science from the University of Texas at Austin.

Sponsor: Security Innovation

Security Innovation

The Application Security Company

Reduce Application Security Risk

Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches – insecure applications. Their solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: Standards , Education and Assessment

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Other Events


Archives of Previous Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

List of presentations available from past meetings


Los Angeles Chapter

Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker
Volunteer OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg