Difference between revisions of "Los Angeles"

From OWASP
Jump to: navigation, search
(OWASP Meeting with Jerry Hoff - March 11, 2015)
 
(211 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== Welcome to the Los Angeles Chapter!  ==
 
== Welcome to the Los Angeles Chapter!  ==
  
 +
[[Image:New_OWASP_LA_Logo-08-2014.jpg|700px|New_OWASP_LA_Logo-08-2014.jpg]]
  
 
=====[http://www.regonline.com/donation_1044369 https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
 
=====[http://www.regonline.com/donation_1044369 https://www.owasp.org/images/2/2f/Donatenow.jpg]=====
Line 8: Line 9:
  
 
Get the following benefits::
 
Get the following benefits::
  - Meet upwards of 60-90 potential new clients
+
  - Meet upwards of 70-110 potential new clients
  - Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site(Image size for logos: gif, jpg or png with a size of 150px X 45px at 72dpi or 55px X 80px at 72dpi)
+
  - Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
 
  - Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
 
  - Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
 
  - Have a table at local chapter meeting  
 
  - Have a table at local chapter meeting  
Line 17: Line 18:
 
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
 
Contact us [[#Los Angeles Chapter]] for general questions relating to sponsorship and donations
  
== '''Announcements'''  ==
+
== '''Participation'''  ==
  
=== ''' [http://appseccali.org/ Mark Your Calendars: OWASP AppSec California Summit January 27-28, 2014-] ===
+
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [https://www.owasp.org/index.php/Chapter_Leader_Handbook Chapter_Leader_Handbook]. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the [https://www.owasp.org/index.php/Speaker_Agreement speaker agreement] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.
  
 
+
== '''Announcements'''  ==
=== [https://www.owasp.org/index.php/WASPY_Awards_2013 Los Angeles OWASP Chapter Board Nominated for Best Chapter Leader] ===
+
We have been nominated for the 2013 Global WASPY Awards, and are humbled to share this honor with the leading web application security professionals in the world.
+
Join OWASP and become a member and show your support by casting your vote!
+
  
 
<br>
 
<br>
===[[OWASP Los Angeles nominated for BEST CHAPTER LEADER]]===
+
===''' [https://www.owasp.org/index.php/WASPY_Awards_2013/ OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY]===
 
<br>
 
<br>
 
+
'''<h2>[http://www.meetup.com/OWASP-Los-Angeles https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [http://www.meetup.com/OWASP-Los-Angeles] [http://www.meetup.com/owasp-los-angeles OWASP-Los-Angeles '''''We are on Meetup. Please join our community here''.''']</h2>'''
'''[http://www.meetup.com/OWASP-Los-Angeles/ http://img1.meetupstatic.com/892670376411449149876/img/header/logo.png]
+
==== We are on Meetup. Please join our community there. ====
+
 
===== If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer. =====
 
===== If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer. =====
  
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
 
===== http://www.meetup.com/OWASP-Los-Angeles/ =====
  
<br>  
+
<br>
 +
 
 
== '''Become an OWASP Member TODAY'''==
 
== '''Become an OWASP Member TODAY'''==
 
===== Support your LA Chapter: only $50 for the entire year!  =====
 
===== Support your LA Chapter: only $50 for the entire year!  =====
Line 42: Line 39:
 
===== https://www.owasp.org/index.php/Individual_Member  =====
 
===== https://www.owasp.org/index.php/Individual_Member  =====
  
<br>  
+
<br>
  
== '''Next Meeting [https://issaladinnermeeting.eventbrite.com/ OWASP-ISSA Joint Monthly Meeting-] Wednesday September 18, 2013 7PM '''==  
+
== '''Next OWASP Meeting'''==
@ [http://maps.google.com/maps?q=11301+Olympic+Blvd.+%23204%2C+West+Los+Angeles%2C+CA The Olympic Collection Banquet & Conference Center 11301 Olympic Blvd. #204, West Los Angeles, CA ]
+
'''''**[http://www.meetup.com/OWASP-Los-Angeles/pages/Symantec_Parking_Information/ NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014] **'''''
 
+
'''Speaker''': Jerry Hoff'''<br>
+
Whitehat Security, VP, Static Code Analysis Division; Managing Partner / Co-Founder, INFRARED SECURITY; Former Developer Security Consulting & FTE Across The Board; Over 10,000 Hours Delivering Technical Training; MS In Computer Science, Washington University
+
 
+
'''Topic''': Demonstration of Common Web Vulnerabilities using WebGoat.NET'''<br>
+
Developers cannot defend against unknown threats.  Understanding vulnerabilities and security controls is an absolute necessity – not only for developers, but for Architects, QA and anyone else involved in the creation of software. This talk starts by making a strong argument for developer education, and how it fits into any organization’s SDLC. From there, we discuss other OWASP resources and projects dedicated to developer education, and an in-depth discussion of OWASP WebGoat.NET – an ASP.NET specific re-design of OWASP which meets the needs and addresses the challenges of modern application security training programs.
+
<br>
+
 
<br>
 
<br>
  
== '''Sponsor: Checkmarx and Trend Micro'''==
+
== '''[http://www.meetup.com/OWASP-Los-Angeles/events/218407512/ Feb 25 2015 7pm at Symantec Offices in Culver City] '''<br> ==
  
[[Image:Chx.png |link=http://www.checkmarx.com/]]
+
Speaker: David Maman
<br>
+
Checkmarx provides the best way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk.
+
  
The product enables developers and auditors to easily scan un-compiled / un-built code in all major coding languages and identify its security vulnerabilities.
+
Mr. Maman is co-founder and CTO at GreenSQL, a leader in unified database security solutions. He is a recognized international expert in computer security advising companies on threat management, real-time network protection, advanced network design, and security architecture. David has founded a number of high-tech start-up companies, including Vanadium-Soft, Preacos, and Moksai. As a senior technology director for Fortinet, a leading international IT security firm, Mr. Maman provided consulting services to global businesses and opened new international regions. He was the information security manager for Bezeq, a national telecommunications company, and the chief scientist at Ofek, a leading Israeli IT and security consulting firm.
  
Static Code Analysis (SCA) delivers security and the requirement of incorporating security into the software development lifecycle (SDLC). It is the only proven method to cover the entire code base and identify all the vulnerable areas in the software. In static code analysis the entire code base is abstracted and all code properties and code data-flows are exposed.
+
Topic: WAF Isn't Enough. The Multi-Faceted Approach to Defend against SQL Injection Attacks
  
With Checkmarx's CxSuite, auditors and developers have immediate access to the code analysis results and remediation advice. We provide user friendly, high productivity, flexible and accurate risk intelligence platform that ensures your application remains hacker-proof.
+
WAFs are essential security mechanisms used on almost all commercial websites today. Despite the excellent protection they offer against many types of attacks, WAFs are inadequate to protect against today’s sophisticated SQL Injection (SQLi) attacks. This is because, fundamentally, a WAF does not understand database commands or database structure. Its protection is limited to a black list of blocked signatures. Even if a WAF did provide complete protection from web access, it still would be inadequate for database protection, because databases are accessed from many sources, not just from web-based applications. Attendees will learn best practices for defending against SQLi attacks using a comprehensive approach of:
 +
  Database firewalls
 +
  Pattern learning processes
 +
  Separation of duties
 +
  Risk-based policies
 +
  Masking of sensitive information
  
[[Image:Iab120x90_1855632.jpeg | link=http://www.trendmicro.com/]]
 
 
<br>
 
<br>
Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information.  Our solutions for consumers, businesses and governments provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud.
+
<div style="text-align: center;">
 +
Thanks to our sponsor:
  
Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks.
+
''[[File:Iab120x90_2515995.jpeg| center | link=http://www.greensql.com ]]''
 +
GreenSQL is a powerful database firewall and compliance solution that adds important security and auditing functionality to cloud-hosted and on-premises databases.
 +
</div>
  
All of their solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™, and are supported by over 1,200 threat experts around the globe.  For more information, visit www.trendmicro.com.
 
  
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
 
===== Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/ =====
Line 84: Line 78:
 
<br>  
 
<br>  
  
== '''Other Events'''  ==
+
== '''Upcoming OWASP Meetings'''  ==
  
*''' [http://www.bsidesoc.org FIRST B-Sides Orange County Conference - Friday, October 4th, 2013 10:30 am - 5:00 pm ]
+
== ''' [http://www.meetup.com/OWASP-Los-Angeles/events/219479197/ Special OWASP-CSA Joint Meeting with Jerry Hoff - March 11, 2015] '''==
<br>
+
  
*''' [http://www.appsecusa.org/2013/ AppSec USA 2013, NYC November 18-21 at Marriott, NYC] '''
+
Title: Web Attacks at Scale in 2015 (Alternative Title: Web Security Bootcamp)
AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices.
+
  
*''' [http://appseccali.org/ OWASP AppSec California Summit January 27-28, 2014-] '''
+
Abstract: This talk is an attacker-centric presentation demonstrating how modern pen-testing tools such as OWASP Zap, Browser Exploitation Framework (BeEF) and sqlmap can be used to automate web attacks at scale.  Reenactments of some of the most publicized attacks in recent history will be conducted to ensure participants understand and absorb how these attacks are taking place.  Full exploits using these tools and more will be demonstrated, and a discussion of solutions will follow.
 +
 
 +
Bio:
 +
Jerry Hoff is the Principal Security Strategist at WhiteHat Security.
 +
 
 +
== ''' [http://www.meetup.com/OWASP-Los-Angeles/events/211682922/ OWASP Monthly Meeting - March 25, 2015] '''<br> ==
 +
 
 +
== '''Other Events'''  ==
 
<br>
 
<br>
 +
== ''' [http://summit.issala.org/  Issa-LA Summit - Thursday, June 4,5 2015 7:30am - 6pm] '''<br> ==
  
 
== Archives of Previous Meetings  ==
 
== Archives of Previous Meetings  ==
 +
[[Los Angeles/2015 Meetings|2015 Meetings]]
 +
 +
[[Los Angeles/2014 Meetings|2014 Meetings]]
 +
 
[[Los Angeles/2013 Meetings|2013 Meetings]]
 
[[Los Angeles/2013 Meetings|2013 Meetings]]
  
Line 110: Line 114:
 
[[Los Angeles Presentation Archive | Presentation Archive ]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->  
 
[[Los Angeles Presentation Archive | Presentation Archive ]] <!--A list of previous presentations conducted at the Los Angeles Chapter can be found [https://www.owasp.org/index.php/Los_Angeles_Previous_Presentations here].-->  
  
<br>  
+
<br>
  
 
== Los Angeles Chapter  ==
 
== Los Angeles Chapter  ==
Line 117: Line 121:
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
 
*[mailto:tin.zaw@owasp.org Tin Zaw] -- Board Member
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
 
*[mailto:edward@owasp.org Edward Bonver] -- Board Member
*[mailto:Kelly.Fitzgerald@owasp.org Kelly Fitzgerald] -- Board Member  
+
*[mailto:mike.francis@owasp.org Mike Francis] -- Board Member  
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
 
*[mailto:Stuart.Schwartz@owasp.org Stuart Schwartz] -- Board Member  
 +
*[mailto:aaron.guzman@owasp.org Aaron Guzman] -- Board Member
 +
*[mailto:dave.wettenstein@owasp.org Dave Wettenstein] -- Board Member 
  
 
Volunteers: Yev Avidon and Mikhael Felker  <br>
 
Volunteers: Yev Avidon and Mikhael Felker  <br>
Volunteer OWASP Wiki: Mike Francis <br>
+
OWASP Wiki: [mailto:mike.francis@owasp.org Mike Francis] <br>
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
 
The Los Angeles chapter was founded by Cassio Goldschmidt.  
  
 
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!  
 
<br>The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!  
 +
 +
<!-- === ''' [http://appseccali.org/ OWASP AppSec California Summit January 27-28, 2014-] ===
 +
-->
  
 
Web archive: http://2010.AppSecUSA.org  
 
Web archive: http://2010.AppSecUSA.org  

Latest revision as of 09:14, 19 February 2015

Welcome to the Los Angeles Chapter!

New_OWASP_LA_Logo-08-2014.jpg

Donatenow.jpg

Single Meeting Supporter: Organizations that wish to support the OWASP Los Angeles Chapter with a 100% tax deductible donation enable the OWASP Foundation to continue its mission

Get the following benefits::

- Meet upwards of 70-110 potential new clients
- Be recognized as a local supporter by posting your company logo on the local chapter page and on our Meetup site
- Have your marketing write-up included in e-mail blasts sent prior to a monthly meeting.
- Have a table at local chapter meeting 
- Promote your products and services
- Bring a raffle prize to gather business cards

Contact us #Los Angeles Chapter for general questions relating to sponsorship and donations

Participation

OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related security topic you would like to present on.

Announcements


OWASP Los Angeles received the BEST Chapter Leaders award at AppSec USA NY


Meetup_logo3.jpg [1] OWASP-Los-Angeles We are on Meetup. Please join our community here.

If you are unable to access Meetup from your work computer as a result of filtering of social sites, we recommend that you view it on your smart phone or via your personal computer.
http://www.meetup.com/OWASP-Los-Angeles/


Become an OWASP Member TODAY

Support your LA Chapter: only $50 for the entire year!
https://www.owasp.org/index.php/Individual_Member


Next OWASP Meeting

**NOTE: Please review NEW parking rules (@meetup.com) for our monthly meetings at Symantec as of 7/22/2014 **

Feb 25 2015 7pm at Symantec Offices in Culver City

Speaker: David Maman

Mr. Maman is co-founder and CTO at GreenSQL, a leader in unified database security solutions. He is a recognized international expert in computer security advising companies on threat management, real-time network protection, advanced network design, and security architecture. David has founded a number of high-tech start-up companies, including Vanadium-Soft, Preacos, and Moksai. As a senior technology director for Fortinet, a leading international IT security firm, Mr. Maman provided consulting services to global businesses and opened new international regions. He was the information security manager for Bezeq, a national telecommunications company, and the chief scientist at Ofek, a leading Israeli IT and security consulting firm.

Topic: WAF Isn't Enough. The Multi-Faceted Approach to Defend against SQL Injection Attacks

WAFs are essential security mechanisms used on almost all commercial websites today. Despite the excellent protection they offer against many types of attacks, WAFs are inadequate to protect against today’s sophisticated SQL Injection (SQLi) attacks. This is because, fundamentally, a WAF does not understand database commands or database structure. Its protection is limited to a black list of blocked signatures. Even if a WAF did provide complete protection from web access, it still would be inadequate for database protection, because databases are accessed from many sources, not just from web-based applications. Attendees will learn best practices for defending against SQLi attacks using a comprehensive approach of:

  Database firewalls
  Pattern learning processes
  Separation of duties
  Risk-based policies
  Masking of sensitive information


Thanks to our sponsor:

Iab120x90 2515995.jpeg

GreenSQL is a powerful database firewall and compliance solution that adds important security and auditing functionality to cloud-hosted and on-premises databases.


Please RSVP here: http://www.meetup.com/OWASP-Los-Angeles/events/


Would you like to speak at an OWASP Los Angeles Meeting?

Call for Papers (CFP) is NOW OPEN. To speak at upcoming OWASP Los Angeles meetings please submit your BIO and talk abstract via email to Richard Greenberg OR Stuart Schwartz. The talk must be vendor neutral and its content be available under Creative Common 3.0 license.


Upcoming OWASP Meetings

Special OWASP-CSA Joint Meeting with Jerry Hoff - March 11, 2015

Title: Web Attacks at Scale in 2015 (Alternative Title: Web Security Bootcamp)

Abstract: This talk is an attacker-centric presentation demonstrating how modern pen-testing tools such as OWASP Zap, Browser Exploitation Framework (BeEF) and sqlmap can be used to automate web attacks at scale. Reenactments of some of the most publicized attacks in recent history will be conducted to ensure participants understand and absorb how these attacks are taking place. Full exploits using these tools and more will be demonstrated, and a discussion of solutions will follow.

Bio: Jerry Hoff is the Principal Security Strategist at WhiteHat Security.

OWASP Monthly Meeting - March 25, 2015

Other Events


Issa-LA Summit - Thursday, June 4,5 2015 7:30am - 6pm

Archives of Previous Meetings

2015 Meetings

2014 Meetings

2013 Meetings

2012 Meetings

2011 Meetings

2010 Meetings

2009 Meetings

2008 Meetings

Presentation Archive


Los Angeles Chapter

Volunteers: Yev Avidon and Mikhael Felker
OWASP Wiki: Mike Francis
The Los Angeles chapter was founded by Cassio Goldschmidt.


The AppSec USA 2010 conference received rave reviews. Thanks to all the volunteers and great speakers who helped make it a success!


Web archive: http://2010.AppSecUSA.org

Videos: http://vimeo.com/user4863863/videos

AppSec Logo.jpg