Difference between revisions of "Los Angeles"

From OWASP
(30 intermediate revisions by the same user not shown)
Line 44: Line 44:
 
== '''Next OWASP Meeting'''==
 
== '''Next OWASP Meeting'''==
 
''**NOTE: Date for this event **''
 
''**NOTE: Date for this event **''
==''' 7pm February 19, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230'''==
+
==''' 7pm May 28, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230'''==
  
   '''Topic:  Building a shield of security - Vulnerability Management by the numbers and dumb robots'''
+
   '''Topic:  Cloud Security Through Threat Modeling
  
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay??
+
One of the most effective tools developers can implement in their
We shall discuss the most common vulnerabilities which are not detected by security tools nor automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will look at some real world examples from the trenches, discuss business logic and authorisation testing, how we approach these and why automation does not work to detect such critical issues. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across the SDLC and by focusing on the application as a logical state machine.
+
security development lifecycle programs is threat modeling. Robert will
 +
discuss how effective threat modeling techniques enable developers to
 +
uncover security vulnerabilities before code is even written. Together
 +
they will reveal how threat modeling also applies to cloud environments.
 +
Whether building a hybrid model, purely commodity cloud, or Virtual
 +
Private Cloud (VPC) environment, threat modeling helps identify the
 +
attack surface area and likely threat vectors. Finally, they will explain
 +
to attendees that threat modeling allows developers and operations
 +
personnel to address vulnerabilities as enterprises migrate to the cloud.  
  
   '''Speaker: Rahim Jina - BCC Risk Advisory'''
+
   '''Speaker:   Robert Zigweid
  
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a ?big 4? professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.com vulnerability management solution.
+
Robert Zigweid As an IOActive Director of Services, Robert Zigweid is responsible to both perform and ensure quality on engagements, working with clients to discover and solve network and application problems that threaten their business goals and assets. Mr. Zigweid is an accomplished developer and application tester, with advanced skills in the creation and analysis of systems architecture and threat modeling.
  
<!-- == '''Sponsor: '''== -->
+
In addition to his direct efforts on penetration tests, security reviews,
 +
and network and application audits, Mr. Zigweid frequently contributes to
 +
the advancement of more stable, secure systems through his research and
 +
development. His research‹and the resultant presentations at top industry
 +
conferences‹furthers the formal understanding of application and network
 +
security for audiences at varying levels of technical fluency.
 +
 
 +
Mr. Zigweid also helped develop IOActive's secure coding and Software
 +
Development Lifecycle training courses, sharing his deep understanding of
 +
industry best practices and guidelines to help our clients develop
 +
applications capable of resisting both internal and external threats.
 +
 
 +
== '''Sponsor: Contrast Security'''==
 +
 
 +
[[Image:Contrastlogo.jpg | 100px |thumb|center|link=http://www.contrastsecurity.com/]]
 +
  
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
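Review bot: The added Topic and Speaker lines in this hunk open bold markup with ''' but never close it ('''Topic:  Cloud Security Through Threat Modeling and '''Speaker:   Robert Zigweid), unlike the removed lines they replace, which ended with '''; add the closing ''' to both. The added abstract also says "Together they will reveal" and "they will explain" although only one speaker is listed, the bio repeats the speaker's name at its start ("Robert Zigweid As an IOActive Director of Services, Robert Zigweid is ..."), and "His research‹and ... conferences‹furthers" carries a mis-encoded dash character that should be replaced before saving.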
Line 70: Line 93:
 
<!-- *''' [http://appseccali.org/ OWASP AppSec California Summit January 27-28, 2014-] ''' -->
 
<!-- *''' [http://appseccali.org/ OWASP AppSec California Summit January 27-28, 2014-] ''' -->
 
<!-- *''' February 19, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230''' -->
 
<!-- *''' February 19, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230''' -->
*''' March 19, 2014: Joint Dinner Meeting with ISSA'''
+
<!-- *''' March 19, 2014: Joint Dinner Meeting with ISSA''' -->
*'''April 23, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230'''
+
*'''May 28, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230'''
 +
    '''Topic: Cloud Security Through Threat Modeling'''
 +
    '''Speaker: Robert Zigweid'''  
  
 
== '''Other Events'''  ==
 
== '''Other Events'''  ==
  
*''' [http://issa-la-feb2014.eventbrite.com/ ISSA-LA February 19, 2014 lunch meeting at Taix French Restaurant - Wednesday, February 19, 2014 11:30am - 1:45pm ] '''
+
<!-- *''' [https://www.eventbrite.com/e/issa-la-april-lunch-meeting-tickets-11075766917?ref=ebtnebregn ISSA-LA April lunch meeting at Taix French Restaurant - Wednesday, April 16, 2014 11:30am - 1:45pm ] '''
 
+
  '''Topic: Hacking Information Security Management'''
*'''Topic: Defending against the largest DDoS attack in history and recent trends in DDoS'''
+
  '''Speaker: Mikhael Felker, Director of Security & Compliance for ReachLocal'''  
 
+
<br> -->
*'''Speaker: Matthew Prince – CEO, CloudFlare'''
+
 
+
 
*''' [http://www.issala.org/summit-vi-may-2014/ ISSA-LA 6th Annual Information Security Summit - Friday, May 16, 2014 at Universal City] '''
 
*''' [http://www.issala.org/summit-vi-may-2014/ ISSA-LA 6th Annual Information Security Summit - Friday, May 16, 2014 at Universal City] '''
  
Line 110: Line 133:
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member  
+
*[mailto:mike.francis@owasp.org Mike Francis] -- Board Member  
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
*Mike Francis -- Board Member  
+
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member  
*Dave W. -- Board Member  
+
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member
  
 
Volunteers: Yev Avidon and Mikhael Felker  <br>
 
Volunteers: Yev Avidon and Mikhael Felker  <br>
OWASP Wiki: Mike Francis <br>
+
OWASP Wiki: [mailto:mike.francis@owasp.org Mike Francis] <br>
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
  

Revision as of 08:25, 28 April 2014

Welcome to the Los Angeles Chapter!

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax-deductible donation enable the OWASP Foundation to continue its mission.

Get the following benefits:

- Meet upwards of 60-90 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site (image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi)
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us (see Los Angeles Chapter below) for general questions relating to sponsorship and donations.

Announcements

OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY


We are on Meetup. Please join our community there.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member


2013 December Holiday Party at Daily Grill in LA


Next OWASP Meeting

**NOTE: Date for this event **

7pm May 28, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230

  Topic:  Cloud Security Through Threat Modeling

One of the most effective tools developers can implement in their security development lifecycle programs is threat modeling. Robert will discuss how effective threat modeling techniques enable developers to uncover security vulnerabilities before code is even written. Together they will reveal how threat modeling also applies to cloud environments. Whether building a hybrid model, purely commodity cloud, or Virtual Private Cloud (VPC) environment, threat modeling helps identify the attack surface area and likely threat vectors. Finally, they will explain to attendees that threat modeling allows developers and operations personnel to address vulnerabilities as enterprises migrate to the cloud.

  Speaker:   Robert Zigweid

As an IOActive Director of Services, Robert Zigweid is responsible for both performing and ensuring quality on engagements, working with clients to discover and solve network and application problems that threaten their business goals and assets. Mr. Zigweid is an accomplished developer and application tester, with advanced skills in the creation and analysis of systems architecture and threat modeling.

In addition to his direct efforts on penetration tests, security reviews, and network and application audits, Mr. Zigweid frequently contributes to the advancement of more stable, secure systems through his research and development. His research, and the resultant presentations at top industry conferences, furthers the formal understanding of application and network security for audiences at varying levels of technical fluency.

Mr. Zigweid also helped develop IOActive's secure coding and Software Development Lifecycle training courses, sharing his deep understanding of industry best practices and guidelines to help our clients develop applications capable of resisting both internal and external threats.

Sponsor: Contrast Security


Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings, please submit your bio and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content must be available under the Creative Commons 3.0 license.


Upcoming OWASP Meetings

  • May 28, 2014 at Symantec offices, 900 Corporate Pointe, Culver City, CA 90230
   Topic: Cloud Security Through Threat Modeling
   Speaker: Robert Zigweid 

Other Events


Archives of Previous Meetings

2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive


Los Angeles Chapter

Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!


Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos
