Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
(48 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
== Welcome to the Los Angeles Chapter!  ==
 
== Welcome to the Los Angeles Chapter!  ==
  
==== [http://www.regonline.com/donation_1044369 Sponsors and Supporters Donate Here] ====
 
  
=====https://www.cvent.com/events/owasp-sponsorship-and-donation/registration-99bc1441e2684ff5b214b0df6b3a9ae3.aspx=====
+
=====[http://www.regonline.com/donation_1044369 https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
  
 
Single Meeting Supporter:
 
Single Meeting Supporter:
Line 16: Line 15:
 
  - Bring a raffle prize to gather business cards
 
  - Bring a raffle prize to gather business cards
  
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations  
+
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
  
 
== '''Announcements'''  ==
 
== '''Announcements'''  ==
  
*'''Change in Leadership'''
+
=== ''' [http://www.appseccali.org/ Mark Your Calendars: OWASP AppSec California Summit January 27-28, 2014-] ===
 +
 
 +
=== Change in Leadership ===
 
Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.
 
Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.
  
  
*'''[http://www.meetup.com/OWASP-Los-Angeles/ http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png]
+
'''[http://www.meetup.com/OWASP-Los-Angeles/ http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png]
===== We are on Meetup. Please join our community there. =====
+
==== We are on Meetup. Please join our community there. ====
==== If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer. ====
+
===== If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer. =====
  
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
  
 
<br>  
 
<br>  
== '''OWASP Mailing List'''==
+
== '''Become an OWASP Member TODAY'''==
===== Sign up for the OWASP Los Angeles mailing list, very low volume and spam free. =====
+
===== Support your LA Chapter: only $50 for the entire year! =====
  
===== https://lists.owasp.org/mailman/listinfo/owasp-losangeles =====
+
===== https://www.owasp.org/index.php/Individual_Member =====
  
 
<br>  
 
<br>  
  
== '''Next Meeting  February 20, 7PM:'''==  
+
== '''Next Meeting  Wednesday, August 28, 2013 7PM @ Symantec Offices, 900 Corporate Pointe, Culver City, CA 90230'''==  
*'''At: Symantec Offices'''
+
  
*900 Corporate Pointe, Culver City, CA 90230
+
*''' Topic:  Layer 7 DDos Attacks'''
  
*Note the change in date, due to RSA
+
In this talk we will examine different DoS attack techniques used against cloud services. Many attacks discussed in the presentation target the application layer of the service, are highly efficient and asymmetric. In some cases, a single HTTP request of less than 50 bytes is sufficient to knock out a server until reboot. In addition to describing the attacks, we will also investigate the application design issues that lead to vulnerability, and demonstrate coding fixes as well as cloud based defenses that can be used to mitigate the problem.
  
 +
*''' Speaker: '''Cassio Goldschmidt is a former president of the OWASP Los Angeles Chapter'''
  
 +
Cassio Goldschmidt is a globally recognized application security leader with strong background in both product and program-level security. Outside work, Cassio is known for his contributions to Open Web Application Security Project (OWASP), Software Assurance Forum for Excellence in Code (SAFECode), the Common Weakness Enumeration (CWE)/SysAdmin, Audit, Network, Security (SANS) Top 25 Most Dangerous Software Errors, along with contributing to the security education curriculum of numerous universities and helping to create International Information Systems Security Certification Consortium (ISC)2’s Certified Secure Software Lifecycle Professional (CSSLP) certification.
  
== '''Speaker: iMan Louis''' ==
+
Cassio was one of the three finalist in the first (ISC)² Americas Information Security Leadership (ISLA) Awards 2011 in the Information Security Practitioner category and endowed with the special Community Service Star award during the same occasion. In 2012 Cassio was selected as one of the finalist for the OWASP Web Application Security Person of the Year (WASPY) Award. Cassio holds a number of US patents and is an accomplished writer and presenter in the field of application security.
*''' Abstract: Secure Password Storage Practices '''
+
(or Why "Hashing + Salting != Secure Passwords")
+
  
Many web applications require passwords that are hard for users to remember, cumbersome to type, yet easy for hackers to crack. With affordable, lightning-fast hardware aiding hackers, we have recently seen a number of large organizations in the news for user-password security failures. Join us as we discuss common attacks on password lists/tables as well as some password storage practices that can make any cracking attempts not worth the attackers’ time.
+
== '''Sponsor: SecureAuth'''==
  
 +
[[Image:Iab120x90_1414462.jpeg‎ |link=http://http://www.secureauth.com/]]
  
*'''Bio: iMan Louis '''
+
SecureAuth offers Mobile, Web, and Identity Access Mgmt, including single signon (SSO) and 2-factor authentication for cloud, mobile, and network applications.  
iMan is a Senior Consultant with Cigital Inc., where he conducts security code reviews, ethical hacking, and web application security assessments for some of the largest global corporations. He has also developed courseware for Cigital's Defensive Programming course series and delivered instructor-led training for many years. He brings 12 years of experience in software development and application security. iMan has recently moved from San Francisco to the Greater L.A. area and is looking forward to being an active member of our L.A. OWASP chapter.
+
 
+
 
+
== '''Sponsors: Arxan Technologies and Cigital'''==
+
''' Arxan Technologies '''
+
 
+
Sharing thought leadership & best practices on mobile apps security.
+
 
+
MOBILE APPLICATION PROTECTION
+
Application Security for Digital Media, Enterprise, Financial Institutions, Gaming, Software Publishers and more.
+
 
+
WORLD LEADER IN PROTECTING THE APP ECONOMY
+
Security for Mobile, Desktop, Embedded and Server Applications.
+
 
+
ACTIVE CONTENT PROTECTION TO SECURE PREMIUM CONTENT AND DIGITAL MEDIA APPLICATIONS
+
 
+
ANTI-TAMPER, ANTI-PIRACY SOFTWARE PROTECTION
+
Prevent lost revenue and compromise of intellectual property from hacker attacks in global markets
+
 
+
 
+
''' Cigital '''
+
 
+
The world’s largest consulting firm specializing in software security
+
 
+
Cigital, Inc is the global leader in helping organizations design, build, and maintain secure software. Our unique expertise, technologies, and training services are a culmination of over twenty years of research and thousands of successful software security consulting engagements at leading public and private organizations throughout the world.
+
 
+
  
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
Line 92: Line 67:
  
 
== '''Other Events'''  ==
 
== '''Other Events'''  ==
*'''ISSA Los Angeles Monthly Meeting'''
 
        Special Discount for OWASP Members
 
        WEDNESDAY, Feb 20, 2013 11:30 AM - 1:45 PM
 
        at Les Freres Taix French Restaurant
 
        1911 West Sunset Blvd., LA, Ca 90026
 
        (213) 484-1265
 
        issala.org
 
  
*''' [http://www.issala.org/summit/ Registration now open for the ISSA LA Security Summit May 21 at the Universal City Hilton] '''
+
*''' [http://www.issala.org/event/issa-la-august-lunch-meeting/ ISSA-LA August Lunch Meeting- August 21 @ 11:30 am - 1:45 pm-]
 +
'''Speaker''': Christopher Elisan'''<br>
 +
'''Topic''': Malware Automation'''<br>
 +
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools and methodologies the attackers use to produce thousands of malware on a daily basis. The talk will then conclude with a live demonstration of how malware is produced in an automated fashion.
 +
 
 +
*''' [https://issaladinnermeeting.eventbrite.com/ OWASP-ISSA Joint Monthly Meeting - September 18, 2013-]  
 +
'''Speaker''': Jerry Hoff'''<br>
 +
'''Topic''': Demonstration of Common Web Vulnerabilities using WebGoat.NET'''<br>
 +
Developers cannot defend against unknown threats.  Understanding vulnerabilities and security controls is an absolute necessity – not only for developers, but for Architects, QA and anyone else involved in the creation of software. This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs.
 +
 
 +
*''' [http://www.appsecusa.org/2013/ AppSec USA 2013, NYC November 18-21 at Marriott, NYC] '''
 +
AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices.
 +
 
 +
=== ''' [http://appseccali.org/ OWASP AppSec California Summit January 27-28, 2014-] ===
  
  
 
== Archives of Previous Meetings  ==
 
== Archives of Previous Meetings  ==
 +
[[Los Angeles/2013 Meetings|2013 Meetings]]
 +
 
[[Los Angeles/2012 Meetings|2012 Meetings]]  
 
[[Los Angeles/2012 Meetings|2012 Meetings]]  
  
Line 114: Line 97:
 
[[Los Angeles/2008 Meetings|2008 Meetings]]  
 
[[Los Angeles/2008 Meetings|2008 Meetings]]  
  
[[Los Angeles Presentation Archive|List of presentations available from past meetings]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->  
+
[[Los Angeles Presentation Archive | Presentation Archive ]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->  
  
 
<br>  
 
<br>  
Line 126: Line 109:
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
  
Volunteer OWASP Leaders: Yev Avidon and Mikhael Felker  <br>
+
Volunteers: Yev Avidon and Mikhael Felker  <br>
 +
Volunteer OWASP Wiki: Mike Francis <br>
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
  

Revision as of 11:03, 14 August 2013

Welcome to the Los Angeles Chapter!

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits::

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi) 
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Announcements

Mark Your Calendars: OWASP AppSec California Summit January 27-28, 2014-

Change in Leadership

Tin Zaw has been a strong and effective visionary President and Leader for OWASP Los Angeles for several years. He will remain an active member of the Board, but effective January 1, 2013, Tin will be stepping down as Leader. Richard Greenberg -- Current Board Member, will assume this role going forward. We give our thanks to Tin for his efforts and dedication and look forward to the new year under Richard's leadership.


logo.png

We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member


Next Meeting Wednesday, August 28, 2013 7PM @ Symantec Offices, 900 Corporate Pointe, Culver City, CA 90230

  • Topic: Layer 7 DDos Attacks

In this talk we will examine different DoS attack techniques used against cloud services. Many attacks discussed in the presentation target the application layer of the service, are highly efficient and asymmetric. In some cases, a single HTTP request of less than 50 bytes is sufficient to knock out a server until reboot. In addition to describing the attacks, we will also investigate the application design issues that lead to vulnerability, and demonstrate coding fixes as well as cloud based defenses that can be used to mitigate the problem.

  • Speaker: Cassio Goldschmidt is a former president of the OWASP Los Angeles Chapter

Cassio Goldschmidt is a globally recognized application security leader with strong background in both product and program-level security. Outside work, Cassio is known for his contributions to Open Web Application Security Project (OWASP), Software Assurance Forum for Excellence in Code (SAFECode), the Common Weakness Enumeration (CWE)/SysAdmin, Audit, Network, Security (SANS) Top 25 Most Dangerous Software Errors, along with contributing to the security education curriculum of numerous universities and helping to create International Information Systems Security Certification Consortium (ISC)2’s Certified Secure Software Lifecycle Professional (CSSLP) certification.

Cassio was one of the three finalist in the first (ISC)² Americas Information Security Leadership (ISLA) Awards 2011 in the Information Security Practitioner category and endowed with the special Community Service Star award during the same occasion. In 2012 Cassio was selected as one of the finalist for the OWASP Web Application Security Person of the Year (WASPY) Award. Cassio holds a number of US patents and is an accomplished writer and presenter in the field of application security.

Sponsor: SecureAuth

Iab120x90 1414462.jpeg

SecureAuth offers Mobile, Web, and Identity Access Mgmt, including single signon (SSO) and 2-factor authentication for cloud, mobile, and network applications.

Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Other Events

Speaker: Christopher Elisan
Topic: Malware Automation
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools and methodologies the attackers use to produce thousands of malware on a daily basis. The talk will then conclude with a live demonstration of how malware is produced in an automated fashion.

Speaker: Jerry Hoff
Topic: Demonstration of Common Web Vulnerabilities using WebGoat.NET
Developers cannot defend against unknown threats. Understanding vulnerabilities and security controls is an absolute necessity – not only for developers, but for Architects, QA and anyone else involved in the creation of software. This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs.

AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices.

OWASP AppSec California Summit January 27-28, 2014-

Archives of Previous Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive


Los Angeles Chapter

Volunteers: Yev Avidon and Mikhael Felker
Volunteer OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!

Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg